CVE-2023-47567

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-47567
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.qnap.com/en/security-advisory/qsa-24-05 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:qnap:qts:4.5.4.1715:build_20210630:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.1723:build_20210708:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.1741:build_20210726:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.1787:build_20210910:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.1800:build_20210923:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.1892:build_20211223:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.1931:build_20220128:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.2012:build_20220419:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.2117:build_20220802:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.2280:build_20230112:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.2374:build_20230416:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.2627:-:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.5.2645:-:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.1771:build_20210825:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.1800:build_20210923:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.1813:build_20211006:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.1848:build_20211109:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.1892:build_20211223:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.1951:build_20220218:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.1971:build_20220310:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.1991:build_20220330:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.2052:build_20220530:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.2138:build_20220824:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.2217:build_20221111:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.2272:build_20230105:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.2374:build_20230417:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.2476:build_20230728:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.2626:-:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:-:*:*:*:*:*:*
cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*
History

08 Feb 2024, 03:44

Type Values Removed Values Added
First Time Qnap
Qnap qts
Qnap quts Hero
Qnap qutscloud
References () https://www.qnap.com/en/security-advisory/qsa-24-05 - () https://www.qnap.com/en/security-advisory/qsa-24-05 - Vendor Advisory
CVSS v2 : unknown
v3 : 4.7 		v2 : unknown
v3 : 7.2
CPE cpe:2.3:o:qnap:quts_hero:h4.5.4.2052:build_20220530:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.1892:build_20211223:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.2272:build_20230105:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.2626:-:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.1848:build_20211109:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.1951:build_20220218:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.2374:build_20230416:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.1892:build_20211223:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.1813:build_20211006:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.1971:build_20220310:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.2117:build_20220802:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.1771:build_20210825:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.1723:build_20210708:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.1800:build_20210923:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.2627:-:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.2138:build_20220824:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.1931:build_20220128:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.2217:build_20221111:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.2280:build_20230112:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.1741:build_20210726:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.1787:build_20210910:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.2374:build_20230417:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:-:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.1991:build_20220330:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.1715:build_20210630:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.2476:build_20230728:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.5.2645:-:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.1800:build_20210923:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*
cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.2012:build_20220419:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*

02 Feb 2024, 16:30

Type Values Removed Values Added
New CVE
Information

Published : 2024-02-02 16:15

Updated : 2024-02-08 03:44

NVD link : CVE-2023-47567

Mitre link : CVE-2023-47567

CVE.ORG link : CVE-2023-47567

JSON object : View

Products Affected

qnap

  • quts_hero
  • qutscloud
  • qts
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')