Strix
26.1K

CVE-2023-32967

MEDIUMCVSS 6.5/10EPSS 0.33%

Last modified

CVE-2023-32967 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. QTS 5.x, QuTS hero are not affected. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651 and later QTS 4.5.4.2627 build 20231225 and later . EPSS estimates a 0.33% chance of exploitation in the next 30 days.

Description

An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. QTS 5.x, QuTS hero are not affected. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651 and later QTS 4.5.4.2627 build 20231225 and later

Metrics

CVSS 3.1
6.5/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS Probability
0.33%

24.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersionsUpdate
QnapQts4.5.4.1715Build 20210630
QnapQts4.5.4.1723Build 20210708
QnapQts4.5.4.1741Build 20210726
QnapQts4.5.4.1787Build 20210910
QnapQts4.5.4.1800Build 20210923
QnapQts4.5.4.1892Build 20211223
QnapQts4.5.4.1931Build 20220128
QnapQts4.5.4.2012Build 20220419
QnapQts4.5.4.2117Build 20220802
QnapQts4.5.4.2280Build 20230112
QnapQts4.5.4.2374Build 20230416
QnapQts4.5.4.2627
QnapQutscloudc5.1.0.2498Build 20230822

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-32967?
An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. QTS 5.x, QuTS hero are not affected. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651 and later QTS 4.5.4.2627 build 20231225 and later
How severe is CVE-2023-32967?
CVE-2023-32967 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 0.33% probability of exploitation in the next 30 days.
How do I fix CVE-2023-32967?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-32967?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST