March 30, 2023
QNAP Patches High-Severity Vulnerability Exists In The Wild
QNAP has issued a warning to consumers that some of its Network Attached Storage (NAS) devices are vulnerable to high-severity privilege escalation vulnerability.
- CVE-2023-22809 (CVSS 3.1 : 7.8, High-severity) – Privilage escalation vulnerability (sudoers policy bypass) in Sudo version 1.9.12p1.
Successful exploitation on unpatched devices could enable attackers to escalate privileges by editing unauthorized files.
According Qnap, the vulnerability affects the following QNAP operating systems:
- QuTS hero
- QVP (QVR Pro appliances)
CYREBRO recommends to update QNAP NAS devices to the latest firmware version.
References: QNAP Advisory