CVE-2023-41280 - OpenCVE

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Qnap	Quts Hero Qts Qutscloud

Configuration 1 [-]

OR	cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325::::::
	cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515::::::
	cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603::::::
	cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629::::::
	cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721::::::
	cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815::::::
	cpe:2.3:o:qnap:qts:5.1.2.2533:-::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:-::::::
	cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822::::::

References

Link	Resource
https://www.qnap.com/en/security-advisory/qsa-23-38	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: qnap

Published: 2024-02-02T16:04:39.355Z

Updated: 2024-06-26T14:27:32.782Z

Reserved: 2023-08-28T09:08:02.976Z

Link: CVE-2023-41280

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-02-02T16:15:48.940

Modified: 2024-02-06T20:10:07.957

Link: CVE-2023-41280

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41280", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "state": "PUBLISHED", "assignerShortName": "qnap", "dateReserved": "2023-08-28T09:08:02.976Z", "datePublished": "2024-02-02T16:04:39.355Z", "dateUpdated": "2024-06-26T14:27:32.782Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "QTS", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "5.1.2.2533 build 20230926", "status": "affected", "version": "5.1.x", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "QuTS hero", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "h5.1.2.2534 build 20230927", "status": "affected", "version": "h5.1.x", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "QuTScloud", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "c5.1.5.2651", "status": "affected", "version": "c5.x.x", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Jiaxu Zhao && Bingwei Peng"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.<br><br>We have already fixed the vulnerability in the following versions:<br>QTS 5.1.2.2533 build 20230926 and later<br>QuTS hero h5.1.2.2534 build 20230927 and later<br>QuTScloud c5.1.5.2651 and later<br>"}], "value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.2.2533 build 20230926 and later\nQuTS hero h5.1.2.2534 build 20230927 and later\nQuTScloud c5.1.5.2651 and later\n"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120", "lang": "en", "type": "CWE"}, {"cweId": "CWE-121", "description": "CWE-121", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2024-02-02T16:04:39.355Z"}, "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-23-38"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "We have already fixed the vulnerability in the following versions:<br>QTS 5.1.2.2533 build 20230926 and later<br>QuTS hero h5.1.2.2534 build 20230927 and later<br>QuTScloud c5.1.5.2651 and later<br>"}], "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.2.2533 build 20230926 and later\nQuTS hero h5.1.2.2534 build 20230927 and later\nQuTScloud c5.1.5.2651 and later\n"}], "source": {"advisory": "QSA-23-38", "discovery": "EXTERNAL"}, "title": "QTS, QuTS hero, QuTScloud", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T14:27:23.641486Z", "id": "CVE-2023-41280", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T14:27:32.782Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*", "matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*", "matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*", "matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*", "matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*", "matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*", "matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:-:*:*:*:*:*:*", "matchCriteriaId": "68A99623-CAF5-404E-84E5-73B75F5C0651", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*", "matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*", "matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*", "matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*", "matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*", "matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:-:*:*:*:*:*:*", "matchCriteriaId": "8F7CBA06-2712-4BF8-81AD-EE7B0B0DB46A", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*", "matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.2.2533 build 20230926 and later\nQuTS hero h5.1.2.2534 build 20230927 and later\nQuTScloud c5.1.5.2651 and later\n"}, {"lang": "es", "value": "Se ha informado que una copia del b\u00fafer sin verificar el tama\u00f1o de la vulnerabilidad de entrada afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar c\u00f3digo a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.2.2533 build 20230926 y posteriores QuTS hero h5.1.2.2534 build 20230927 y posteriores QuTScloud c5.1.5.2651 y posteriores"}], "id": "CVE-2023-41280", "lastModified": "2024-02-06T20:10:07.957", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "security@qnapsecurity.com.tw", "type": "Secondary"}]}, "published": "2024-02-02T16:15:48.940", "references": [{"source": "security@qnapsecurity.com.tw", "tags": ["Vendor Advisory"], "url": "https://www.qnap.com/en/security-advisory/qsa-23-38"}], "sourceIdentifier": "security@qnapsecurity.com.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}, {"lang": "en", "value": "CWE-121"}], "source": "security@qnapsecurity.com.tw", "type": "Primary"}]}