CVE-2023-41289OS Command Injection in Systems INC Qcalagent

CWE-78OS Command Injection3 documents3 sources
Severity
8.8HIGHNVD
CNA6.3
EPSS
0.5%
top 34.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems INC QcalagentQnap Qcalagent
Timeline
PublishedJan 5

Description

An OS command injection vulnerability has been reported to affect QcalAgent. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QcalAgent 1.1.8 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDqnap/qcalagent1.1.01.1.8
CVEListV5qnap_systems_inc/qcalagent1.1.x1.1.8

🔴Vulnerability Details

2
CVEList
QcalAgent2024-01-05
GHSA
GHSA-4v35-68f6-rfpq: An OS command injection vulnerability has been reported to affect QcalAgent2024-01-05
CVE-2023-41289 — OS Command Injection | cvebase