CVE-2023-23355

MEDIUM

Published 2023-03-29T04:02:59.944Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-23355. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

6.6

/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14

0.003

probability

of exploitation in the wild

There is a 0.3% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25

Exploit Probability

Percentile: 0.553

Higher than 55.3% of all CVEs

Attack Vector Metrics

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Impact Metrics

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Description

An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors.
QES is not affected.

We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2346 build 20230322 and later
QTS 4.5.4.2374 build 20230416 and later
QuTS hero h5.0.1.2348 build 20230324 and later
QuTS hero h4.5.4.2374 build 20230417 and later
QuTScloud c5.0.1.2374 and later

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

QNAP Systems Inc.

QTS

Affected Versions:

5.0.* 4.5.*

QNAP Systems Inc.

QuTS hero

Affected Versions:

h5.0.* h4.5.*

QNAP Systems Inc.

QuTScloud

Affected Versions:

c5.0.1

QNAP Systems Inc.

QES

Affected Versions:

2.2.0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-vf28-x3q6-9qg2

Advisory Details

A vulnerability has been reported to affect multiple QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute arbitrary commands via susceptible QNAP devices. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR. We have already fixed the vulnerability in the following operating system versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later

CVSS Scoring

CVSS Score

7.5

CVSS Vector


                                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-23355

WEB https://www.qnap.com/en/security-advisory/qsa-23-10

Advisory provided by GitHub Security Advisory Database. Published: March 29, 2023, Modified: April 6, 2023

References

https://www.qnap.com/en/security-advisory/qsa-23-10

Published: 2023-03-29T04:02:59.944Z

Last Modified: 2025-02-12T16:49:09.437Z

Copied to clipboard!

CVE-2023-23355

Expert Analysis

CVSS Score

EPSS Score

Attack Vector Metrics

Impact Metrics

Description

Available Exploits

Related News

Affected Products

QTS

Affected Versions:

QuTS hero

Affected Versions:

QuTScloud

Affected Versions:

QES

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!