Qnap Security Advisories Concerning Enhancement Vs. Security Vulnerabilities
Including buffer overflow vulnerabilities in Samba, vulnerabilities in QTS, QuTS hero, QuTScloud, QVP, and QVR OSs versions, in sudo and in OpenSSL
This is a Press Release edited by StorageNewsletter.com on April 3, 2023 at 2:01 pmQnap Systems, Inc. had published security enhancement vs. security vulnerabilities that could affect specific versions of company’s products. Use following information and solutions to correct security issues and vulnerabilities.
This advisory includes following:
- Buffer overflow vulnerabilities in Samba (ID: QSA-23-02)
- Buffer overflow vulnerability in Samba (ID: QSA-23-03)
- Vulnerabilities in QTS, QuTS hero, QuTScloud, and QVP (ID: QSA-23-06)
- Vulnerability in QTS, QuTS hero, QuTScloud, QVP, and QVR (ID: QSA-23-10)
- Vulnerability in Sudo (ID: QSA-23-11)
- Multiple vulnerabilities in OpenSSL (ID: QSA-23-15)
Fixing: Buffer overflow vulnerabilities in Samba
Security ID: QSA-23-02
Release date: March 30, 2023
Severity: Medium
CVE identifier: CVE-2022-3437 | CVE-2022-3592
Affected products: Certain Qnap devices running Samba
Summary
Multiple buffer overflow vulnerabilities have been reported in Samba.
These vulnerabilities affect following Qnap’s OS:
- QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR
The company have already fixed vulnerabilities in following OS versions:
- QTS 5.0.1.2346 build 20230322 and later
- QuTS hero h5.0.1.2348 build 20230324 and later
Qnap is urgently fixing the vulnerabilities in QuTScloud, QVP, and QVR. Check this security advisory regularly for updates and promptly update your OS to the latest recommended version as soon as it is available.
Resource: Learn more
Fixing : Buffer Overflow Vulnerability in Samba
Security ID: QSA-23-03
Release date: March 30, 2023
Severity: Medium
CVE identifier: CVE-2022-42898
Affected products: Certain Qnap devices running Samba
Summary
A buffer overflow vulnerability has been reported in Samba.
Vulnerability affects following the company’s OS:
-
QTS, QVP (QVR Pro appliances)
The company have already fixed the vulnerability in following OS versions:
-
QTS 5.0.1.2346 build 20230322 and later
Qnap is fixing the vulnerability in QVP. Check this security advisory regularly for updates and promptly update your OS to the latest recommended version as soon as it is available.
Resource :Learn more
Fixing : Vulnerabilities in QTS, QuTS hero, QuTScloud, and QVP
Security ID: QSA-23-06
Release date: March 30, 2023
Severity: Low
CVE identifier: CVE-2022-27597 | CVE-2022-27598
Affected products: Certain Qnap devices
Summary
Two vulnerabilities have been reported to affect multiple the company’s OS. If exploited, these vulnerabilities allow remote authenticated users to get secret values.
Vulnerabilities affect following OS:
-
QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)
The company have already fixed the vulnerabilities in the following OS versions:
- QTS 5.0.1.2346 build 20230322 and later
- QuTS hero h5.0.1.2348 build 20230324 and later
Qnap is fixing the vulnerabilities in QuTScloud and QVP. Check this security advisory regularly for updates and promptly update your OS to the latest recommended version as soon as it is available.
Resource : Learn more
Fixing : Vulnerability in QTS, QuTS hero, QuTScloud, QVP, and QVR
Security ID: QSA-23-10
Release date: March 30, 2023
Severity: Medium
CVE identifier: CVE-2023-23355
Affected products: Certain Qnap devices
Summary
A vulnerability has been reported to affect multiple Qnap OS. If exploited, the vulnerability allows remote authenticated users to execute arbitrary commands via susceptible Qnap devices.
Vulnerability affects the following Qnap OS:
-
QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR.
The company have already fixed the vulnerability in the following OS versions:
- QTS 5.0.1.2346 build 20230322 and later
- QuTS hero h5.0.1.2348 build 20230324 and later
Qnap is fixing the vulnerabilities in QuTScloud, QVP, and QVR. Check this security advisory regularly for updates and promptly update your OS to the latest recommended version as soon as it is available.
Resource : Learn more
Fixing : Vulnerability in Sudo
Security ID: QSA-23-11
Release date: March 30, 2023
Severity: High
CVE identifier: CVE-2023-22809
Affected products: Certain Qnap devices
Summary
A vulnerability has been reported in Sudo.
Vulnerability affects the following Qnap OS:
-
QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)
The company have already fixed the vulnerability in the following OS versions:
- QTS 5.0.1.2346 build 20230322 and later
- QuTS hero h5.0.1.2348 build 20230324 and later
Qnap is fixing the vulnerabilities in QuTScloud and QVP. Check this security advisory regularly for updates and promptly update your OS to the latest recommended version as soon as it is available.
Resource : Learn more
Fixing : Multiple vulnerabilities in OpenSSL
Security ID: QSA-23-15
Release date: March 30, 2023
Severity: Medium
CVE identifier: CVE-2023-0286 | CVE-2022-4304 | CVE-2023-0215 | CVE-2022-4450
Affected products: Certain Qnap devices
Summary
Multiple vulnerabilities have been reported in OpenSSL. These vulnerabilities affect the following firm’s OS:
- QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR, QES
The company have already fixed the vulnerabilities in the following OS versions:
- QTS 5.0.1.2346 build 20230322 and later
- QuTS hero h5.0.1.2348 build 20230324 and later
Qnap is fixing the vulnerabilities in QuTScloud, QVP, QVR, and QES. Check this security advisory regularly for updates and promptly update your OS to the latest recommended version as soon as it is available.
Resource : Learn more
If you have any questions regarding this issue, contact the company’s support.
Subscribe to our free daily newsletter
