Network storage at risk: Two new bugs in QNAP hardware put your privacy at risk

Lord777

How can users protect their systems?

QNAP, one of the leaders in the production of network attached storage (NAS), has discovered two critical command injection vulnerabilities in several versions of the QTS operating system. Both bugs allow remote network attacks, which puts data security at risk.

The first vulnerability with the code CVE-2023-23368, which received a criticality rating of 9.8 points out of 10, affects the following versions of QTS: 5.0.x and 4.5.x, QuTS hero h5.0.x and h4.5.x, and QuTScloud c5.0.1.

The second vulnerability, CVE-2023-23369, has a slightly lower risk level, 9.0, but can also be exploited remotely. It applies to QTS versions 5.1.x, 4.3.6, 4.3.4, 4.3.3 and 4.2.x, as well as Multimedia Console 2.1.x and 1.4.x, and Media Streaming add-on versions 500.1.x and 500.0.x.

Patches have already been released. Installing them will help you solve both problems.

System administrators can update QTS, QuTS hero, or QuTScloud by going to Control Panel, then System Preferences, and selecting "Firmware Update". Patches can also be downloaded manually from the QNAP website. The Multimedia Console is updated via the App Center app, if a more recent version is available. The same scheme applies to the Media Streaming add-on.

NAS devices are typically used to store large amounts of data, so vulnerabilities that allow remote command execution can have serious consequences for owners' privacy. Unprotected storage is a convenient target for ransomware, spies, and other cybercriminals.

QNAP devices have previously been targeted by ransomware. A year ago, the Deadbolt group used a previously unknown vulnerability of NAS systems accessible via the Internet in its campaigns.

Users are advised to take action as soon as possible to minimize risks.
 