CVE-2023-47218
5.8 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
8.2 High
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:H/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
69.7%
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTScloud c5.1.5.2651 and later
References
Social References
More
Related
5.8 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
8.2 High
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:H/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
69.7%