{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-23356", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "state": "PUBLISHED", "assignerShortName": "qnap", "dateReserved": "2023-01-11T20:15:53.084Z", "datePublished": "2024-12-19T01:39:15.645Z", "dateUpdated": "2024-12-24T00:41:02.334Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "QuFirewall", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "2.3.3 ( 2023/03/27 )", "status": "affected", "version": "2.3.x", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Kaibro"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.<br><br>We have already fixed the vulnerability in the following versions:<br>QuFirewall 2.3.3 ( 2023/03/27 ) and later<br> and later<br>"}], "value": "A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following versions:\nQuFirewall 2.3.3 ( 2023/03/27 ) and later\n and later"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE"}, {"cweId": "CWE-78", "description": "CWE-78", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2024-12-19T01:39:15.645Z"}, "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-23-14"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "We have already fixed the vulnerability in the following versions:<br>QuFirewall 2.3.3 ( 2023/03/27 ) and later<br>"}], "value": "We have already fixed the vulnerability in the following versions:\nQuFirewall 2.3.3 ( 2023/03/27 ) and later"}], "source": {"advisory": "QSA-23-14", "discovery": "EXTERNAL"}, "title": "QuFirewall", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-24T00:31:36.092349Z", "id": "CVE-2023-23356", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-24T00:41:02.334Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-23356", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-24T00:31:36.092349Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-24T00:31:37.392Z"}}], "cna": {"title": "QuFirewall", "source": {"advisory": "QSA-23-14", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Kaibro"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "QNAP Systems Inc.", "product": "QuFirewall", "versions": [{"status": "affected", "version": "2.3.x", "lessThan": "2.3.3 ( 2023/03/27 )", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "We have already fixed the vulnerability in the following versions:\nQuFirewall 2.3.3 ( 2023/03/27 ) and later", "supportingMedia": [{"type": "text/html", "value": "We have already fixed the vulnerability in the following versions:<br>QuFirewall 2.3.3 ( 2023/03/27 ) and later<br>", "base64": false}]}], "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-23-14"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following versions:\nQuFirewall 2.3.3 ( 2023/03/27 ) and later\n and later", "supportingMedia": [{"type": "text/html", "value": "A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.<br><br>We have already fixed the vulnerability in the following versions:<br>QuFirewall 2.3.3 ( 2023/03/27 ) and later<br> and later<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77"}, {"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2024-12-19T01:39:15.645Z"}}}, "cveMetadata": {"cveId": "CVE-2023-23356", "state": "PUBLISHED", "dateUpdated": "2024-12-24T00:41:02.334Z", "dateReserved": "2023-01-11T20:15:53.084Z", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "datePublished": "2024-12-19T01:39:15.645Z", "assignerShortName": "qnap"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following versions:\nQuFirewall 2.3.3 ( 2023/03/27 ) and later\n and later"}], "id": "CVE-2023-23356", "lastModified": "2024-12-19T02:15:21.863", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "security@qnapsecurity.com.tw", "type": "Secondary"}]}, "published": "2024-12-19T02:15:21.863", "references": [{"source": "security@qnapsecurity.com.tw", "url": "https://www.qnap.com/en/security-advisory/qsa-23-14"}], "sourceIdentifier": "security@qnapsecurity.com.tw", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}, {"lang": "en", "value": "CWE-78"}], "source": "security@qnapsecurity.com.tw", "type": "Primary"}]}

{}