CVE-2023-23367

Name: CVE-2023-23367
Creator: NVD / NIST
Published: 2023-11-10T15:15:08.19+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.2/10EPSS 1.50%

Last modified Jun 17, 2026

CVE-2023-23367 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTScloud c5.1.0.2498 and later . EPSS estimates a 1.50% chance of exploitation in the next 30 days.

Description

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTScloud c5.1.0.2498 and later

Metrics

CVSS 3.1

7.2/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

1.50%

70.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-78

Affected Software

Vendor	Product	Versions	Update
Qnap	Qts	5.0.0.1716	Build 20210701
Qnap	Qts	5.0.0.1785	Build 20210908
Qnap	Qts	5.0.0.1808	Build 20211001
Qnap	Qts	5.0.0.1828	Build 20211020
Qnap	Qts	5.0.0.1837	Build 20211029
Qnap	Qts	5.0.0.1850	Build 20211111
Qnap	Qts	5.0.0.1853	Build 20211114
Qnap	Qts	5.0.0.1858	Build 20211119
Qnap	Qts	5.0.0.1870	Build 20211201
Qnap	Qts	5.0.1.2034	Build 20220515
Qnap	Qts	5.0.1.2079	Build 20220629
Qnap	Qts	5.0.1.2131	Build 20220820
Qnap	Qts	5.0.1.2137	Build 20220826
Qnap	Qts	5.0.1.2145	Build 20220903
Qnap	Qts	5.0.1.2173	Build 20221001
Qnap	Qts	5.0.1.2194	Build 20221022
Qnap	Qts	5.0.1.2234	Build 20221201
Qnap	Qts	5.0.1.2248	Build 20221215
Qnap	Qts	5.0.1.2277	Build 20230112
Qnap	Qts	5.0.1.2346	Build 20230322
Qnap	Quts Hero	h5.0.0.1772	Build 20210826
Qnap	Quts Hero	h5.0.0.1844	Build 20211105
Qnap	Quts Hero	h5.0.0.1856	Build 20211117
Qnap	Quts Hero	h5.0.0.1892	Build 20211222
Qnap	Quts Hero	h5.0.0.1900	Build 20211228
Qnap	Quts Hero	h5.0.0.1949	Build 20220215
Qnap	Quts Hero	h5.0.0.1986	Build 20220324
Qnap	Quts Hero	h5.0.0.2022	Build 20220428
Qnap	Quts Hero	h5.0.0.2069	Build 20220614
Qnap	Quts Hero	h5.0.0.2120	Build 20220804
Qnap	Quts Hero	h5.0.1.2045	Build 20220526
Qnap	Quts Hero	h5.0.1.2192	Build 20221020
Qnap	Quts Hero	h5.0.1.2248	Build 20221215
Qnap	Quts Hero	h5.0.1.2269	Build 20230104
Qnap	Quts Hero	h5.0.1.2277	Build 20230112
Qnap	Quts Hero	h5.0.1.2348	Build 20230324
Qnap	Qutscloud	c5.0.0.1919	Build 20220119
Qnap	Qutscloud	c5.0.1.1949	Build 20220218
Qnap	Qutscloud	c5.0.1.1998	Build 20220408
Qnap	Qutscloud	c5.0.1.2044	Build 20220524
Qnap	Qutscloud	c5.0.1.2148	Build 20220905
Qnap	Qutscloud	c5.0.1.2374	Build 20230419

References

https://www.qnap.com/en/security-advisory/qsa-23-24Vendor Advisory
https://www.qnap.com/en/security-advisory/qsa-23-24Vendor Advisory

Timeline

Published: Nov 10, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-23367?

How severe is CVE-2023-23367?

CVE-2023-23367 has a CVSS score of 7.2/10 (HIGH severity). The EPSS model estimates a 1.50% probability of exploitation in the next 30 days.

How do I fix CVE-2023-23367?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-23367?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST