QNAP NAS Multiple Vulnerabilities
Release Date: 16 Oct 2023
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities were identified in QNAP NAS. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service and information disclosure on the targeted system.
Impact
- Remote Code Execution
- Denial of Service
- Information Disclosure
System / Technologies affected
- QTS version prior to 5.1.0.2444 build 20230629
- QTS version prior to 5.0.1.2425 build 20230609
- QTS version prior to 4.5.4.2467 build 20230718
- QuTS hero version prior to h5.1.0.2424 build 20230609
- QuTS hero version prior to h5.0.1.2515 build 20230907
- QuTS hero version prior to h4.5.4.2476 build 20230728
- QuTScloud version prior to c5.1.0.2498
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor:
https://www.qnap.com/en/security-advisory/QSA-23-41
https://www.qnap.com/en/security-advisory/QSA-23-42
沒有留言:
發佈留言