CVE-2023-39301
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Nov 3, 2023
Updated: Nov 14, 2023
CWE ID 918
Summary
CVE-2023-39301 is a server-side request forgery (SSRF) vulnerability affecting several QNAP operating system versions. It allows authenticated users to read application data over a network. The impacted versions include QTS 5.0.1.2514, QTS 5.1.1.2491, QuTS hero h5.0.1.2515, QuTS hero h5.1.1.2488, and QuTScloud c5.1.0.2498. QNAP has released patches for these versions to mitigate this vulnerability. Users are strongly advised to update their systems to the recommended builds to protect against potential misuse.
Affected Products
- QNAP QTS
- QNAP QuTScloud
Affected Vendors
- QNAP Systems