Dhiyaneshwaran
parent
759644dc3c
commit
d03779f557
|
|
@ -3,7 +3,7 @@ id: CVE-2023-47218
|
|||
info:
|
||||
name: QNAP QTS and QuTS Hero - OS Command Injection
|
||||
author: ritikchaddha
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later.
|
||||
reference:
|
||||
|
|
@ -11,14 +11,11 @@ info:
|
|||
- https://twitter.com/win3zz/status/1760224052289888668/photo/3
|
||||
- https://www.rapid7.com/blog/post/2024/02/13/cve-2023-47218-qnap-qts-and-quts-hero-unauthenticated-command-injection-fixed/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-47218
|
||||
- https://www.qnap.com/en/security-advisory/qsa-23-57
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 5.8
|
||||
cvss-metrics: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 8.3
|
||||
cwe-id: CWE-78
|
||||
cve-id: CVE-2023-47218
|
||||
cwe-id: CWE-77
|
||||
epss-score: 0.01317
|
||||
epss-percentile: 0.8569
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 2
|
||||
|
|
|
|||
Loading…
Reference in New Issue