NVD – CVE-2023-23368 – Attack Parakeet

CWE-ID	CWE Name	Source
CWE-78	Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)	QNAP Systems, Inc.

Action	Type	Old Value	New Value
Added	Reference		https://www.qnap.com/en/security-advisory/qsa-23-31

Action	Type	Old Value	New Value
Added	CVSS V3.1		NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Added	CPE Configuration		OR cpe:2.3:o:qnap:qts:4.5.4:-::::::* cpe:2.3:o:qnap:qts:4.5.4.1715:build_20210630::::::* cpe:2.3:o:qnap:qts:4.5.4.1723:build_20210708::::::* cpe:2.3:o:qnap:qts:4.5.4.1741:build_20210726::::::* cpe:2.3:o:qnap:qts:4.5.4.1787:build_20210910::::::* cpe:2.3:o:qnap:qts:4.5.4.1800:build_20210923::::::* cpe:2.3:o:qnap:qts:4.5.4.1892:build_20211223::::::* cpe:2.3:o:qnap:qts:4.5.4.1931:build_20220128::::::* cpe:2.3:o:qnap:qts:4.5.4.2012:build_20220419::::::* cpe:2.3:o:qnap:qts:4.5.4.2117:build_20220802::::::* cpe:2.3:o:qnap:qts:4.5.4.2280:build_20230112::::::*
Added	CPE Configuration		OR cpe:2.3:o:qnap:qts:5.0.1:-::::::* cpe:2.3:o:qnap:qts:5.0.1.2034:build_20220515::::::* cpe:2.3:o:qnap:qts:5.0.1.2079:build_20220629::::::* cpe:2.3:o:qnap:qts:5.0.1.2131:build_20220820::::::* cpe:2.3:o:qnap:qts:5.0.1.2137:build_20220826::::::* cpe:2.3:o:qnap:qts:5.0.1.2145:build_20220903::::::* cpe:2.3:o:qnap:qts:5.0.1.2173:build_20221001::::::* cpe:2.3:o:qnap:qts:5.0.1.2194:build_20221022::::::* cpe:2.3:o:qnap:qts:5.0.1.2234:build_20221201::::::* cpe:2.3:o:qnap:qts:5.0.1.2248:build_20221215::::::* cpe:2.3:o:qnap:qts:5.0.1.2277:build_20230112::::::* cpe:2.3:o:qnap:qts:5.0.1.2346:build_20230322::::::*
Added	CPE Configuration		OR cpe:2.3:o:qnap:quts_hero:h4.5.4.1771:build_20210825::::::* cpe:2.3:o:qnap:quts_hero:h4.5.4.1800:build_20210923::::::* cpe:2.3:o:qnap:quts_hero:h4.5.4.1813:build_20211006::::::* cpe:2.3:o:qnap:quts_hero:h4.5.4.1848:build_20211109::::::* cpe:2.3:o:qnap:quts_hero:h4.5.4.1892:build_20211223::::::* cpe:2.3:o:qnap:quts_hero:h4.5.4.1951:build_20220218::::::* cpe:2.3:o:qnap:quts_hero:h4.5.4.1971:build_20220310::::::* cpe:2.3:o:qnap:quts_hero:h4.5.4.1991:build_20220330::::::* cpe:2.3:o:qnap:quts_hero:h4.5.4.2052:build_20220530::::::* cpe:2.3:o:qnap:quts_hero:h4.5.4.2138:build_20220824::::::* cpe:2.3:o:qnap:quts_hero:h4.5.4.2217:build_20221111::::::* cpe:2.3:o:qnap:quts_hero:h4.5.4.2272:build_20230105::::::*
Added	CPE Configuration		OR cpe:2.3:o:qnap:quts_hero:h5.0.1.2045:build_20220526::::::* cpe:2.3:o:qnap:quts_hero:h5.0.1.2192:build_20221020::::::* cpe:2.3:o:qnap:quts_hero:h5.0.1.2248:build_20221215::::::* cpe:2.3:o:qnap:quts_hero:h5.0.1.2269:build_20230104::::::* cpe:2.3:o:qnap:quts_hero:h5.0.1.2277:build_20230112::::::* cpe:2.3:o:qnap:quts_hero:h5.0.1.2348:build_20230324::::::*
Added	CPE Configuration		OR cpe:2.3:o:qnap:qutscloud:c5.0.1.1949:build_20220218::::::* cpe:2.3:o:qnap:qutscloud:c5.0.1.1998:build_20220408::::::* cpe:2.3:o:qnap:qutscloud:c5.0.1.2044:build_20220524::::::* cpe:2.3:o:qnap:qutscloud:c5.0.1.2148:build_20220905::::::*
Changed	Reference Type	https://www.qnap.com/en/security-advisory/qsa-23-31 No Types Assigned	https://www.qnap.com/en/security-advisory/qsa-23-31 Vendor Advisory

Added

CVSS V3.1

NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Added

CPE Configuration

OR
     *cpe:2.3:o:qnap:qts:4.5.4:-:*:*:*:*:*:*
     *cpe:2.3:o:qnap:qts:4.5.4.1715:build_20210630:*:*:*:*:*:*
     *cpe:2.3:o:qnap:qts:4.5.4.1723:build_20210708:*:*:*:*:*:*
     *cpe:2.3:o:qnap:qts:4.5.4.1741:build_20210726:*:*:*:*:*:*
     *cpe:2.3:o:qnap:qts:4.5.4.1787:build_20210910:*:*:*:*:*:*
     *cpe:2.3:o:qnap:qts:4.5.4.1800:build_20210923:*:*:*:*:*:*
     *cpe:2.3:o:qnap:qts:4.5.4.1892:build_20211223:*:*:*:*:*:*
     *cpe:2.3:o:qnap:qts:4.5.4.1931:build_20220128:*:*:*:*:*:*
     *cpe:2.3:o:qnap:qts:4.5.4.2012:build_20220419:*:*:*:*:*:*
     *cpe:2.3:o:qnap:qts:4.5.4.2117:build_20220802:*:*:*:*:*:*
     *cpe:2.3:o:qnap:qts:4.5.4.2280:build_20230112:*:*:*:*:*:*

Added

CPE Configuration

OR
     *cpe:2.3:o:qnap:qts:5.0.1:-:*:*:*:*:*:*
     *cpe:2.3:o:qnap:qts:5.0.1.2034:build_20220515:*:*:*:*:*:*
     *cpe:2.3:o:qnap:qts:5.0.1.2079:build_20220629:*:*:*:*:*:*
     *cpe:2.3:o:qnap:qts:5.0.1.2131:build_20220820:*:*:*:*:*:*
     *cpe:2.3:o:qnap:qts:5.0.1.2137:build_20220826:*:*:*:*:*:*
     *cpe:2.3:o:qnap:qts:5.0.1.2145:build_20220903:*:*:*:*:*:*
     *cpe:2.3:o:qnap:qts:5.0.1.2173:build_20221001:*:*:*:*:*:*
     *cpe:2.3:o:qnap:qts:5.0.1.2194:build_20221022:*:*:*:*:*:*
     *cpe:2.3:o:qnap:qts:5.0.1.2234:build_20221201:*:*:*:*:*:*
     *cpe:2.3:o:qnap:qts:5.0.1.2248:build_20221215:*:*:*:*:*:*
     *cpe:2.3:o:qnap:qts:5.0.1.2277:build_20230112:*:*:*:*:*:*
     *cpe:2.3:o:qnap:qts:5.0.1.2346:build_20230322:*:*:*:*:*:*

Added

CPE Configuration

OR
     *cpe:2.3:o:qnap:quts_hero:h4.5.4.1771:build_20210825:*:*:*:*:*:*
     *cpe:2.3:o:qnap:quts_hero:h4.5.4.1800:build_20210923:*:*:*:*:*:*
     *cpe:2.3:o:qnap:quts_hero:h4.5.4.1813:build_20211006:*:*:*:*:*:*
     *cpe:2.3:o:qnap:quts_hero:h4.5.4.1848:build_20211109:*:*:*:*:*:*
     *cpe:2.3:o:qnap:quts_hero:h4.5.4.1892:build_20211223:*:*:*:*:*:*
     *cpe:2.3:o:qnap:quts_hero:h4.5.4.1951:build_20220218:*:*:*:*:*:*
     *cpe:2.3:o:qnap:quts_hero:h4.5.4.1971:build_20220310:*:*:*:*:*:*
     *cpe:2.3:o:qnap:quts_hero:h4.5.4.1991:build_20220330:*:*:*:*:*:*
     *cpe:2.3:o:qnap:quts_hero:h4.5.4.2052:build_20220530:*:*:*:*:*:*
     *cpe:2.3:o:qnap:quts_hero:h4.5.4.2138:build_20220824:*:*:*:*:*:*
     *cpe:2.3:o:qnap:quts_hero:h4.5.4.2217:build_20221111:*:*:*:*:*:*
     *cpe:2.3:o:qnap:quts_hero:h4.5.4.2272:build_20230105:*:*:*:*:*:*

Added

CPE Configuration

OR
     *cpe:2.3:o:qnap:quts_hero:h5.0.1.2045:build_20220526:*:*:*:*:*:*
     *cpe:2.3:o:qnap:quts_hero:h5.0.1.2192:build_20221020:*:*:*:*:*:*
     *cpe:2.3:o:qnap:quts_hero:h5.0.1.2248:build_20221215:*:*:*:*:*:*
     *cpe:2.3:o:qnap:quts_hero:h5.0.1.2269:build_20230104:*:*:*:*:*:*
     *cpe:2.3:o:qnap:quts_hero:h5.0.1.2277:build_20230112:*:*:*:*:*:*
     *cpe:2.3:o:qnap:quts_hero:h5.0.1.2348:build_20230324:*:*:*:*:*:*

Added

CPE Configuration

OR
     *cpe:2.3:o:qnap:qutscloud:c5.0.1.1949:build_20220218:*:*:*:*:*:*
     *cpe:2.3:o:qnap:qutscloud:c5.0.1.1998:build_20220408:*:*:*:*:*:*
     *cpe:2.3:o:qnap:qutscloud:c5.0.1.2044:build_20220524:*:*:*:*:*:*
     *cpe:2.3:o:qnap:qutscloud:c5.0.1.2148:build_20220905:*:*:*:*:*:*

Changed

Reference Type

https://www.qnap.com/en/security-advisory/qsa-23-31 No Types Assigned

https://www.qnap.com/en/security-advisory/qsa-23-31 Vendor Advisory

NVD – CVE-2023-23368

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Change History

CVE Modified by CVE 11/21/2024 2:46:02 AM

CVE Modified by QNAP Systems, Inc. 5/14/2024 8:23:05 AM

Initial Analysis by NIST 11/15/2023 11:28:56 AM

Quick Info

NVD – CVE-2023-23368

CVE-2023-23368 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Change History

CVE Modified by CVE 11/21/2024 2:46:02 AM

CVE Modified by QNAP Systems, Inc. 5/14/2024 8:23:05 AM

Initial Analysis by NIST 11/15/2023 11:28:56 AM

Quick Info