CVE-2023-39302
CVSS 3.1 Score 7.2 of 10 (high)
Details
Published Feb 2, 2024
Updated: Feb 6, 2024
CWE ID 78
Summary
CVE-2023-39302 is a newly discovered OS command injection vulnerability that affects several QNAP operating system versions. This issue allows authenticated administrators to inject commands over a network, potentially leading to serious security consequences. The affected versions include QTS 5.1.3.2578, QuTS hero h5.1.3.2578, and QuTScloud c5.1.5.2651. QNAP has already released patches for these vulnerabilities, and users are strongly encouraged to update their systems to the latest versions to mitigate the risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- QNAP QTS
Affected Vendors
- QNAP Systems