CVE-2023-51366Path Traversal in Systems INC QTS

CWE-22Path Traversal3 documents3 sources
Severity
6.5MEDIUMNVD
CNA8.7
EPSS
0.3%
top 48.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Qnap Systems INC QTSQnap QTSQnap Quts Hero
Timeline
PublishedSep 6

Description

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDqnap/quts_hero10 versions+9
CVEListV5qnap_systems_inc/qts5.1.x5.1.6.2722 build 20240402
NVDqnap/qts11 versions+10

🔴Vulnerability Details

2
GHSA
GHSA-vpgf-5c72-x83x: A path traversal vulnerability has been reported to affect several QNAP operating system versions2024-09-06
CVEList
QTS, QuTS hero2024-09-06
CVE-2023-51366 — Path Traversal in Qnap Systems INC QTS | cvebase