Qnap Security Advisories Bulletin ID: QSA-23-18, QSA-23-19 and QSA-23-21

Concerning resolved vulnerabilities in QTS, QuTS hero, and QuTScloud NAS OSs

Qnap Systems, Inc. has published security enhancements addressing vulnerabilities that could affect specific versions of the company's products.

Use the following information and solutions to correct the security issues and vulnerabilities.

The advisory includes the following:

Vulnerability in QTS, QuTS hero, and QuTScloud
Security ID: QSA-23-18
Release date: September 16, 2023
Severity: High
CVE identifier: CVE-2023-23362

Affected products

  • QTS 5.0.1, 4.5.4; QuTS hero h5.0.1, h4.5.4; QuTScloud c5.0.1

Summary
An OS command injection vulnerability has been reported to affect certain Qnap OSs. If exploited, the vulnerability allows authenticated users to execute commands via a network vector.

The company has already fixed the vulnerability in the following versions:

  • QTS 5.0.1.2376 build 20230421 and later
  • QTS 4.5.4.2374 build 20230416 and later
  • QuTS hero h5.0.1.2376 build 20230421 and later
  • QuTS hero h4.5.4.2374 build 20230417 and later
  • QuTScloud c5.0.1.2374 and later

Vulnerabilities in QTS, QuTS hero and QuTScloud
Security ID: QSA-23-19
Release date: September 16, 2023
Severity: Medium
CVE identifier: CVE-2023-23358 | CVE-2023-23359

Affected products

  • QTS 5.0.1, 4.5.4; QuTS hero h5.0.1, h4.5.4; QuTScloud c5.0.1

Summary
Two out-of-bounds write vulnerabilities have been reported to affect multiple Qnap OSs. If exploited, the vulnerabilities allow authenticated users to launch a denial-of-service (DoS) attack via a network vector.

The company has already fixed the vulnerabilities in the following OS versions:

  • QTS 5.0.1.2346 build 20230322 and later
  • QTS 4.5.4.2374 build 20230416 and later
  • QuTS hero h5.0.1.2348 build 20230324 and later
  • QuTS hero h4.5.4.2374 build 20230417 and later
  • QuTScloud c5.0.1.2374 and later

Vulnerabilities in QTS, QuTS hero, QuTScloud
Security ID: QSA-23-21
Release date: September 16, 2023
Severity: Medium
CVE identifier: CVE-2023-23360 | CVE-2023-23361

Affected products

  • QTS 5.0.1, 4.5.4; QuTS hero h5.0.1, h4.5.4; QuTScloud c5.0.1

Summary
Two NULL pointer dereference vulnerabilities have been reported to affect multiple Qnap OSs. If exploited, the vulnerabilities allow authenticated users to launch a denial-of-service (DoS) attack via a network vector.

The company has already fixed the vulnerabilities in the following OS versions:

  • QTS 5.0.1.2346 build 20230322 and later
  • QTS 4.5.4.2374 build 20230416 and later
  • QuTS hero h5.0.1.2348 build 20230324 and later
  • QuTS hero h4.5.4.2374 build 20230417 and later
  • QuTScloud c5.0.1.2374 and later

For questions regarding this issue, contact the company.
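
The fixed builds differ between QSA-23-18 and the other two advisories on the 5.0.1 branches, so a device can be patched for two bulletins and still exposed to the command injection. The following added example (not Qnap's code) checks a firmware string against all three lists; the function names and the assumption that input follows the advisory's own version layout are hypothetical.

```python
import re

# Added example: fixed builds transcribed from the three advisories above.
A18, A19, A21 = "QSA-23-18", "QSA-23-19", "QSA-23-21"

def _same(fix):
    return {A18: fix, A19: fix, A21: fix}

# (product, branch) -> advisory -> (build number, build date or None)
FIXED = {
    ("QTS", "5.0.1"): {A18: (2376, 20230421), A19: (2346, 20230322), A21: (2346, 20230322)},
    ("QTS", "4.5.4"): _same((2374, 20230416)),
    ("QuTS hero", "h5.0.1"): {A18: (2376, 20230421), A19: (2348, 20230324), A21: (2348, 20230324)},
    ("QuTS hero", "h4.5.4"): _same((2374, 20230417)),
    ("QuTScloud", "c5.0.1"): _same((2374, None)),  # advisory gives no build date
}

# Assumption: input uses the same layout as the advisory's version strings.
_VERSION = re.compile(
    r"^(QTS|QuTS hero|QuTScloud)\s+([hc]?\d+\.\d+\.\d+)\.(\d+)(?:\s+build\s+(\d{8}))?$"
)

def parse_version(text):
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    product, branch, number, date = m.groups()
    return product, branch, int(number), int(date) if date else None

def is_fixed(installed, fixed):
    (num, date), (fnum, fdate) = installed, fixed
    if num != fnum:
        return num > fnum
    # Same build number: compare build dates only when both are known.
    return date is None or fdate is None or date >= fdate

def unpatched_advisories(text):
    """Advisory IDs still open for this firmware; None if the branch is not listed."""
    product, branch, num, date = parse_version(text)
    fixes = FIXED.get((product, branch))
    if fixes is None:
        return None  # the page makes no statement about this branch
    return sorted(a for a, fix in fixes.items() if not is_fixed((num, date), fix))

if __name__ == "__main__":
    # Constructed inventory, not real devices.
    for fw in ["QTS 5.0.1.2346 build 20230322", "QuTScloud c5.0.1.2374",
               "QTS 5.1.0.2348 build 20230325"]:
        print(fw, "->", unpatched_advisories(fw))
```

A result of `None` means the branch is not among those the advisories list, which is different from an empty list (listed branch, all three fixes present).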