QNAP NAS Multiple Vulnerabilities
Release Date: 30 Mar 2023
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities were identified in QNAP NAS. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution and sensitive information disclosure on the targeted system.
Impact
- Denial of Service
- Elevation of Privilege
- Remote Code Execution
- Information Disclosure
System / Technologies affected
- QTS version prior to 5.0.1.2346 build 20230322
- QuTS hero version prior to h5.0.1.2348 build 20230324
- QuTScloud
- QVP (QVR Pro appliances)
- QVR
- QES
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor:
https://www.qnap.com/en/security-advisory/qsa-23-02
https://www.qnap.com/en/security-advisory/qsa-23-03
https://www.qnap.com/en/security-advisory/qsa-23-06
https://www.qnap.com/en/security-advisory/qsa-23-10
https://www.qnap.com/en/security-advisory/qsa-23-11
https://www.qnap.com/en/security-advisory/qsa-23-15
Vulnerability Identifier
- CVE-2022-3437
- CVE-2022-3592
- CVE-2022-4304
- CVE-2022-4450
- CVE-2022-27597
- CVE-2022-27598
- CVE-2022-42898
- CVE-2023-0215
- CVE-2023-0286
- CVE-2023-22809
- CVE-2023-23355
Source
Related Link
- https://www.qnap.com/en/security-advisory/qsa-23-02
- https://www.qnap.com/en/security-advisory/qsa-23-03
- https://www.qnap.com/en/security-advisory/qsa-23-06
- https://www.qnap.com/en/security-advisory/qsa-23-10
- https://www.qnap.com/en/security-advisory/qsa-23-11
- https://www.qnap.com/en/security-advisory/qsa-23-15
沒有留言:
發佈留言