CVE-2023-39302

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Feb 2, 2024

Updated: Feb 6, 2024

CWE ID 78

Summary

CVE-2023-39302 is a newly discovered OS command injection vulnerability that affects several QNAP operating system versions. This issue allows authenticated administrators to inject commands over a network, potentially leading to serious security consequences. The affected versions include QTS 5.1.3.2578, QuTS hero h5.1.3.2578, and QuTScloud c5.1.5.2651. QNAP has already released patches for these vulnerabilities, and users are strongly encouraged to update their systems to the latest versions to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

QNAP QTS

Affected Vendors

QNAP Systems

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sIbUOb
https://www.cve.org/CVERecord?id=CVE-2023-39302
https://nvd.nist.gov/vuln/detail/CVE-2023-39302

Back to Vulnerability Database