Strix
26.1K

CVE-2023-47567

HIGHCVSS 7.2/10EPSS 1.11%

Last modified

CVE-2023-47567 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later . EPSS estimates a 1.11% chance of exploitation in the next 30 days.

Description

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later

Metrics

CVSS 3.1
7.2/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
1.11%

61.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersionsUpdate
QnapQts4.5.4.1715Build 20210630
QnapQts4.5.4.1723Build 20210708
QnapQts4.5.4.1741Build 20210726
QnapQts4.5.4.1787Build 20210910
QnapQts4.5.4.1800Build 20210923
QnapQts4.5.4.1892Build 20211223
QnapQts4.5.4.1931Build 20220128
QnapQts4.5.4.2012Build 20220419
QnapQts4.5.4.2117Build 20220802
QnapQts4.5.4.2280Build 20230112
QnapQts4.5.4.2374Build 20230416
QnapQts4.5.4.2627
QnapQts5.1.0.2348Build 20230325
QnapQts5.1.0.2399Build 20230515
QnapQts5.1.0.2418Build 20230603
QnapQts5.1.0.2444Build 20230629
QnapQts5.1.0.2466Build 20230721
QnapQts5.1.1.2491Build 20230815
QnapQts5.1.2.2533Build 20230926
QnapQts5.1.3.2578Build 20231110
QnapQts5.1.4.2596Build 20231128
QnapQts5.1.5.2645
QnapQuts Heroh4.5.4.1771Build 20210825
QnapQuts Heroh4.5.4.1800Build 20210923
QnapQuts Heroh4.5.4.1813Build 20211006
QnapQuts Heroh4.5.4.1848Build 20211109
QnapQuts Heroh4.5.4.1892Build 20211223
QnapQuts Heroh4.5.4.1951Build 20220218
QnapQuts Heroh4.5.4.1971Build 20220310
QnapQuts Heroh4.5.4.1991Build 20220330
QnapQuts Heroh4.5.4.2052Build 20220530
QnapQuts Heroh4.5.4.2138Build 20220824
QnapQuts Heroh4.5.4.2217Build 20221111
QnapQuts Heroh4.5.4.2272Build 20230105
QnapQuts Heroh4.5.4.2374Build 20230417
QnapQuts Heroh4.5.4.2476Build 20230728
QnapQuts Heroh4.5.4.2626
QnapQuts Heroh5.1.0.2409Build 20230525
QnapQuts Heroh5.1.0.2424Build 20230609
QnapQuts Heroh5.1.0.2453Build 20230708
QnapQuts Heroh5.1.0.2466Build 20230721
QnapQuts Heroh5.1.1.2488Build 20230812
QnapQuts Heroh5.1.2.2534Build 20230927
QnapQuts Heroh5.1.3.2578Build 20231110
QnapQuts Heroh5.1.4.2596Build 20231128
QnapQuts Heroh5.1.5.2647
QnapQutscloudc5.1.0.2498Build 20230822

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-47567?
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later
How severe is CVE-2023-47567?
CVE-2023-47567 has a CVSS score of 7.2/10 (HIGH severity). The EPSS model estimates a 1.11% probability of exploitation in the next 30 days.
How do I fix CVE-2023-47567?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-47567?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST