CVE-2023-39300
Essential information
- Published
- 06/09/2024 17:15
- Modified
- 24/09/2024 16:42
- Author
- —
- Creator
- —
- CVSS
- 7.2 HIGH (v3.1)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H—
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Privileges required
- HIGH
- User interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality impact
- HIGH
- Integrity impact
- HIGH
- Availability impact
- HIGH
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Attack requirements
- —
- Privileges required
- —
- User interaction
- —
- Confidentiality (V)
- —
- Confidentiality (S)
- —
- Integrity (V)
- —
- Integrity (S)
- —
- Availability (V)
- —
- Availability (S)
- —
- Exploit maturity
- —
Description
An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 4.3.6.2805 build 20240619 and later
QTS 4.3.4.2814 build 20240618 and later
QTS 4.3.3.2784 build 20240619 and later
QTS 4.2.6 build 20240618 and later
NVD status
- Status
- Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.0895:build_20190328:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.0907:build_20190409:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.0923:build_20190425:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.0944:build_20190516:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.0959:build_20190531:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.0979:build_20190620:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.0993:build_20190704:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.1013:build_20190724:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.1033:build_20190813:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.1070:build_20190919:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.1154:build_20191212:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.1218:build_20200214:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.1263:build_20200330:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.1286:build_20200422:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.1333:build_20200608:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.1411:build_20200825:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.1446:build_20200929:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.1620:build_20210322:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.1663:build_20210504:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.1711:build_20210621:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.1750:build_20210730:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.1831:build_20211019:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.1907:build_20220103:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.1965:build_20220302:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.2050:build_20220526:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.2232:build_20221124:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.2441:build_20230621:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.6.2665:build_20240131:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.4.0899:build_20190322:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.4.1029:build_20190730:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.4.1082:build_20190921:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.4.1190:build_20200107:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.4.1282:build_20200408:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.4.1368:build_20200703:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.4.1417:build_20200821:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.4.1463:build_20201006:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.4.1632:build_20210324:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.4.1652:build_20210413:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.4.1976:build_20220303:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.4.2107:build_20220712:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.4.2242:build_20221124:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.4.2451:build_20230621:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.4.2675:build_20240131:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.3.0174:build_20170503:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.3.0868:build_20190322:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.3.0998:build_20190730:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.3.1051:build_20190921:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.3.1098:build_20191107:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.3.1161:build_20200109:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.3.1252:build_20200409:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.3.1315:build_20200611:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.3.1386:build_20200821:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.3.1432:build_20201006:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.3.1624:build_20210416:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.3.1677:build_20210608:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.3.1693:build_20210624:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.3.1799:build_20211008:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.3.1864:build_20211212:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.3.1945:build_20220303:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.3.2057:build_20220623:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.3.2211:build_20221124:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.3.2420:build_20230621:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.3.3.2644:build_20240131:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.2.6:build_20170517:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.2.6:build_20190322:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.2.6:build_20190730:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.2.6:build_20190921:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.2.6:build_20191107:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.2.6:build_20200109:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.2.6:build_20200421:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.2.6:build_20200611:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.2.6:build_20200821:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.2.6:build_20210327:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.2.6:build_20211215:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.2.6:build_20220304:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.2.6:build_20220623:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.2.6:build_20221028:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.2.6:build_20230621:*:*:*:*:*:* |
| qnap / qts | cpe:2.3:o:qnap:qts:4.2.6:build_20240131:*:*:*:*:*:* |