cvelist/2023/23xxx/CVE-2023-23356.json at 6b37e1e1e00038ad64bb25123eab21139ed0db34 · CVEProject/cvelist · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
{
    "CVE_data_meta": {
        "ASSIGNER": "security@qnap.com",
        "ID": "CVE-2023-23356",
        "STATE": "PUBLIC",
        "TITLE": "QuFirewall"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "QuFirewall",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_value": "2.3.3 ( 2023/03/27 )"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                }
            ]
        }
    },
    "credit": [
        {
            "lang": "eng",
            "value": "Kaibro"
        }
    ],
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated administrators to execute arbitrary commands via susceptible QNAP devices. The vulnerability affects the following QNAP operating systems:\nQTS, QuTS hero, QuTScloud\n\nWe have already fixed the vulnerability in the following version:\nQuFirewall 2.3.3 ( 2023/03/27 ) and later\n"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-77"
                    }
                ]
            },
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-78"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "CONFIRM",
                "url": "https://www.qnap.com/en/security-advisory/qsa-23-14"
            }
        ]
    },
    "solution": [
        {
            "lang": "eng",
            "value": "We have already fixed the vulnerability in the following version:\nQuFirewall 2.3.3 ( 2023/03/27 ) and later\n"
        }
    ],
    "source": {
        "advisory": "QSA-23-14",
        "discovery": "EXTERNAL"
    }
}