QNAP Systems, well-known in the NAS industry, urges customers to urgently update their software

The identified vulnerability affects several of the company's products at once; tens of thousands of devices are at risk.

Taiwanese hardware manufacturer QNAP is alerting customers to the need to protect their Linux-based network-attached storage (NAS) devices from a critical Sudo privilege escalation vulnerability. The vulnerability, tracked as CVE-2023-22809, was discovered by security researchers at Synacktiv, who describe it as “bypassing the sudoers policy in Sudo 1.9.12p1 when using sudoedit”.

Successful exploitation on unpatched devices running Sudo 1.8.0 through 1.9.12p1 may allow attackers to escalate their privileges by editing unauthorized files after adding arbitrary entries to the list of files to process, and to execute malicious code unhindered.
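A quick way to triage hosts against the version range above, as an added example that is not QNAP's or the sudo project's code: it parses the first line of `sudo -V` and compares it, including the `pN` patch level, with 1.8.0 through 1.9.12p1. The function names are hypothetical and the sample lines are constructed; vendors can backport fixes without changing the upstream version string, so a match is a prompt to check the vendor advisory, not proof of exposure.

```shell
#!/bin/sh
# Added example. Affected range taken from the article:
# Sudo 1.8.0 through 1.9.12p1 inclusive.

# Pull the version token out of the first line of `sudo -V` output.
extract_sudo_version() {
    printf '%s\n' "$1" | sed -n 's/^Sudo version \([0-9.p]*\).*/\1/p' | head -n 1
}

# Map "1.9.12p1" to a sortable integer (major, minor, patch, p-level).
sudo_ver_key() {
    ver=$1
    case $ver in
        ''|*[!0-9.p]*) return 1 ;;      # reject anything unexpected
    esac
    case $ver in
        *p*) plevel=${ver##*p}; base=${ver%%p*} ;;
        *)   plevel=0;          base=$ver ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $base                         # split base on dots
    IFS=$old_ifs
    [ $# -ge 2 ] || return 1
    printf '%d%03d%03d%03d\n' "$1" "$2" "${3:-0}" "${plevel:-0}"
}

# Exit 0 if inside the affected range, 1 if outside, 2 if unparseable.
sudo_is_affected() {
    key=$(sudo_ver_key "$1") || return 2
    [ "$key" -ge "$(sudo_ver_key 1.8.0)" ] && [ "$key" -le "$(sudo_ver_key 1.9.12p1)" ]
}

# Constructed sample first lines of `sudo -V`; on a real host use:
#   sudo_is_affected "$(extract_sudo_version "$(sudo -V 2>/dev/null)")"
for line in "Sudo version 1.8.31" "Sudo version 1.9.12p1" \
            "Sudo version 1.9.12p2" "Sudo version 1.7.10p9"; do
    v=$(extract_sudo_version "$line")
    if sudo_is_affected "$v"; then
        echo "$v: in affected range, check for vendor update"
    else
        echo "$v: outside affected range"
    fi
done
```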

The vulnerability affects the QTS, QuTS hero and QuTScloud operating systems and QVR Pro devices. For the first two, a patch has already been released. In its security bulletin, QNAP itself writes: “Please check regularly for system updates and update immediately as soon as a new version becomes available.”

To update QTS, QuTS hero or QuTScloud, log in with an administrator account, go to “Control Panel” > “System” > “Firmware Update”, and then select “Check for Updates” in the “Live Update” section.

Although CVE-2023-22809 has not been flagged as heavily exploited in the wild, the severity of the vulnerability (CVSS score: 7.8) means customers are encouraged to install available security updates as soon as possible.

Previous known attacks on QNAP NAS devices used the DeadBolt and eCh0raix ransomware, exploiting vulnerabilities to encrypt data on Internet-connected devices.

QNAP also announced fixes for many other medium-severity vulnerabilities affecting its products, including ones found in OpenSSL, Samba, and the company’s own operating systems.

Source: www.securitylab.ru