CVE-2023-32972

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Oct 6, 2023

Updated: Oct 10, 2023

CWE ID 121

CWE ID 787

CWE ID 120

Summary

CVE-2023-32972 is a buffer copy vulnerability that affects several QNAP operating system versions. This issue allows authenticated administrators to execute code via a network by copying unchecked input data into a buffer. The affected versions include QTS 5.0.1, 5.1.0, 4.5.4, QuTS hero h5.0.1, h5.1.0, h4.5.4, and QuTScloud c5.1.0. QNAP has released patches to address this vulnerability in QTS 5.0.1.2425, 5.1.0.2444, 4.5.4.2467, h5.0.1.2515, h5.1.0.2424, h4.5.4.2476, and QuTScloud c5.1.0.2498 and later builds.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

QNAP QTS

Affected Vendors

QNAP Systems

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s6NDnQ
https://www.cve.org/CVERecord?id=CVE-2023-32972
https://nvd.nist.gov/vuln/detail/CVE-2023-32972

Back to Vulnerability Database