| CVE-2023-23369 | Date: (C)2023-11-04 (M)2023-11-24 |
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
Multimedia Console 2.1.2 ( 2023/05/04 ) and later
Multimedia Console 1.4.8 ( 2023/05/05 ) and later
QTS 5.1.0.2399 build 20230515 and later
QTS 4.3.6.2441 build 20230621 and later
QTS 4.3.4.2451 build 20230621 and later
QTS 4.3.3.2420 build 20230621 and later
QTS 4.2.6 build 20230621 and later
Media Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later
Media Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later
CVSS Score and Metrics +CVSS Score and Metrics -| CVSS V3 Severity: | CVSS V2 Severity: |
| CVSS Score : 9.8 | CVSS Score : |
| Exploit Score: 3.9 | Exploit Score: |
| Impact Score: 5.9 | Impact Score: |
| |
| CVSS V3 Metrics: | CVSS V2 Metrics: |
| Attack Vector: NETWORK | Access Vector: |
| Attack Complexity: LOW | Access Complexity: |
| Privileges Required: NONE | Authentication: |
| User Interaction: NONE | Confidentiality: |
| Scope: UNCHANGED | Integrity: |
| Confidentiality: HIGH | Availability: |
| Integrity: HIGH | |
| Availability: HIGH | |
| | |
