CVE-2023-39301

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Nov 3, 2023
Updated: Nov 14, 2023
CWE ID 918

Summary

CVE-2023-39301 is a newly discovered server-side request forgery (SSRF) vulnerability affecting several QNAP operating system versions. This issue enables authenticated users to read application data over a network. The impacted versions include QTS 5.0.1.2514, QTS 5.1.1.2491, QuTS hero h5.0.1.2515, QuTS hero h5.1.1.2488, and QuTScloud c5.1.0.2498. QNAP has released patches for these versions to mitigate this vulnerability. Users are strongly advised to update their systems to the recommended builds to protect against potential misuse.


Affected Products

  • QNAP QTS
  • QNAP QuTScloud

Affected Vendors

  • QNAP Systems