Improper Auth in QNAP OS QTS/QuTS <5.1.3.2578, <c5.1.5.2651
CVE-2023-39303 Published on February 2, 2024
QTS, QuTS hero, QuTScloud
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTScloud c5.1.5.2651 and later
Vulnerability Analysis
CVE-2023-39303 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
What is an authentification Vulnerability?
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
CVE-2023-39303 has been classified to as an authentification vulnerability or weakness.
Products Associated with CVE-2023-39303
Want to know whenever a new CVE is published for QNAP products? stack.watch will email you.
Affected Versions
QNAP Systems Inc. QTS:- Version 5.1.x and below 5.1.3.2578 build 20231110 is affected.
- Version h5.1.x and below h5.1.3.2578 build 20231110 is affected.
- Version c5.x.x and below c5.1.5.2651 is affected.
- Version 5.1.0 and below 5.1.3.2578_build 20231110 is affected.
- Version 5.1.0 and below 5.1.3.2578_build 20231110 is affected.
- Version 5.0.0 and below 5.1.5.2651 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.