Qnap Three Security Advisories for Resolved Vulnerabilities

Concerning QTS and QuTS hero NAS OSs, and Samba

Qnap Systems, Inc. has published security enhancements addressing vulnerabilities that could affect specific versions of Qnap products.

Use the following information and solutions to correct the security issues and vulnerabilities.

This advisory includes the following:

Multiple vulnerabilities in QTS and QuTS hero

Security ID: QSA-23-07
Release date: December 9, 2023
CVE identifier: CVE-2023-32968 | CVE-2023-32975
Severity: Medium
Status: Resolved
Affected products: QTS 5.1.x, 5.0.x; QuTS hero h5.1.x, h5.0.x

Summary
Two "buffer copy without checking size of input" vulnerabilities have been reported to affect several Qnap OS versions. If exploited, these vulnerabilities could allow authenticated administrators to execute code via a network.

The company has already fixed the vulnerabilities in the following versions:

| Affected product | Fixed version |
|---|---|
| QTS 5.1.x | QTS 5.1.2.2533 build 20230926 and later |
| QTS 5.0.x | QTS 5.0.1.2514 build 20230906 and later |
| QuTS hero h5.1.x | QuTS hero h5.1.2.2534 build 20230927 and later |
| QuTS hero h5.0.x | QuTS hero h5.0.1.2515 build 20230907 and later |

Check this security advisory regularly for updates and promptly update your OS to the latest recommended version as soon as it is available.

Vulnerabilities in Samba

Security ID: QSA-23-20
Release date: December 9, 2023
CVE identifier: CVE-2023-4154 | CVE-2023-42669 | CVE-2023-4091 | CVE-2023-3961 | CVE-2023-42670
Severity: Medium
Status: Resolved
Affected products: QTS 5.1.x, QuTS hero h5.1.x

Summary
Multiple vulnerabilities have been reported in Samba, which affect certain Qnap OS versions.

The company has already fixed the vulnerabilities in the following versions:

| Affected product | Fixed version |
|---|---|
| QTS 5.1.x | QTS 5.1.3.2578 build 20231110 and later |
| QuTS hero h5.1.x | QuTS hero h5.1.3.2578 build 20231110 and later |

Vulnerability in QTS and QuTS hero

Security ID: QSA-23-40
Release date: December 9, 2023
CVE identifier: CVE-2023-23372
Severity: Medium
Status: Resolved
Affected products: QTS 5.1.x, 5.0.x, 4.5.x; QuTS hero h5.1.x, h5.0.x, h4.5.x

Summary
A cross-site scripting (XSS) vulnerability has been reported to affect several Qnap OS versions. If exploited, the vulnerability could allow users to inject malicious code via a network.

The company has already fixed or is currently fixing the vulnerability in the following versions:

| Affected product | Fixed version |
|---|---|
| QTS 5.1.x | QTS 5.1.0.2444 build 20230629 and later |
| QTS 5.0.x | QTS 5.0.1.2425 build 20230609 and later |
| QTS 4.5.x | QTS 4.5.4.2467 build 20230718 and later |
| QuTS hero h5.1.x | QuTS hero h5.1.0.2424 build 20230609 and later |
| QuTS hero h5.0.x | QuTS hero h5.0.1.2515 build 20230907 and later |
| QuTS hero h4.5.x | QuTS hero h4.5.4.2476 build 20230728 and later |

Check this security advisory regularly for updates and promptly update your OS to the latest recommended version as soon as it is available.
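The three advisories list different fixed versions for the same OS branch, so a device can be patched for one and still need an update for another. The following check is an added example, not Qnap code: it compares an installed firmware string against the tables above, and it assumes the installed version is supplied in the same "QTS 5.1.2.2533 build 20230926" form the advisories use; the function names are hypothetical.

```python
import re

# Fixed versions transcribed from the three advisory tables on this page.
FIXED = {
    "QSA-23-07": ["QTS 5.1.2.2533 build 20230926",
                  "QTS 5.0.1.2514 build 20230906",
                  "QuTS hero h5.1.2.2534 build 20230927",
                  "QuTS hero h5.0.1.2515 build 20230907"],
    "QSA-23-20": ["QTS 5.1.3.2578 build 20231110",
                  "QuTS hero h5.1.3.2578 build 20231110"],
    "QSA-23-40": ["QTS 5.1.0.2444 build 20230629",
                  "QTS 5.0.1.2425 build 20230609",
                  "QTS 4.5.4.2467 build 20230718",
                  "QuTS hero h5.1.0.2424 build 20230609",
                  "QuTS hero h5.0.1.2515 build 20230907",
                  "QuTS hero h4.5.4.2476 build 20230728"],
}

# Assumed input format: "<product> <a>.<b>.<c>.<d> build <YYYYMMDD>".
_VERSION = re.compile(
    r"^(QTS |QuTS hero h)(\d+)\.(\d+)\.(\d+)\.(\d+) build (\d{8})$")


def parse(text):
    """Split a firmware string into (product, branch, level)."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    major, minor, patch, number, build = map(int, m.groups()[1:])
    # The branch (e.g. 5.1) selects the table row; the rest orders releases.
    return m.group(1), (major, minor), (patch, number, build)


def advisory_status(installed):
    """Map each advisory to 'fixed', 'update needed' or 'branch not listed'."""
    product, branch, level = parse(installed)
    status = {}
    for qsa, fixed_versions in FIXED.items():
        status[qsa] = "branch not listed"  # the advisory has no row for it
        for fixed in fixed_versions:
            f_product, f_branch, f_level = parse(fixed)
            if (f_product, f_branch) == (product, branch):
                status[qsa] = "fixed" if level >= f_level else "update needed"
    return status


if __name__ == "__main__":
    # Constructed input: the QSA-23-40 fixed build for the QTS 5.1.x branch.
    print(advisory_status("QTS 5.1.0.2444 build 20230629"))
```

"branch not listed" only means the advisory's table has no row for that branch; it is not a statement that the branch is unaffected.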
