CVE-2023-23356
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Published Dec 19, 2024
CWE ID 78
CWE ID 77
Summary
CVE-2023-23356 is a command injection vulnerability that affects several QNAP operating system versions. If successfully exploited by an attacker who has obtained administrator access, this vulnerability enables the execution of arbitrary commands. The impact of this flaw could be significant, potentially allowing attackers to gain unauthorized access or modify system configurations. QNAP has already released fixes for this issue in QuFirewall 2.3.3 and later versions.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share