Security Alert (A23-03-18): Multiple Vulnerabilities in QNAP Products


 

Published on: 30 March 2023

  
  

Description:

QNAP has published security advisories to address multiple vulnerabilities in QNAP products. The details of the security updates can be found at:
https://www.qnap.com/en/security-advisory/QSA-23-02
https://www.qnap.com/en/security-advisory/QSA-23-03
https://www.qnap.com/en/security-advisory/QSA-23-06
https://www.qnap.com/en/security-advisory/QSA-23-10
https://www.qnap.com/en/security-advisory/QSA-23-11
https://www.qnap.com/en/security-advisory/QSA-23-15

 

Affected Systems:

  • QNAP NAS devices running QTS operating system
  • QNAP NAS devices running QuTS hero operating system
  • QNAP Enterprise Storage (QES)
  • QNAP QuTScloud
  • QNAP QVR
  • QNAP QVR Pro appliances (QVP)

For detailed information of the affected products, please refer to the corresponding security advisory at vendor's website.

 

Impact:

Depending on the vulnerabilities being exploited, a successful exploitation could lead to remote code execution, denial of service, information disclosure, privilege escalation or security restriction bypass on an affected system.

 

Recommendation:

Patches for affected products are available. System administrators of affected products should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://www.qnap.com/en/security-advisory/QSA-23-02
  • https://www.qnap.com/en/security-advisory/QSA-23-03
  • https://www.qnap.com/en/security-advisory/QSA-23-06
  • https://www.qnap.com/en/security-advisory/QSA-23-10
  • https://www.qnap.com/en/security-advisory/QSA-23-11
  • https://www.qnap.com/en/security-advisory/QSA-23-15
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3592
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27597 (to CVE-2022-27598)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22809
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23355


Tag: QNAP , QTS , QuTS hero , QES , QuTScloud , QVR
Tags