{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"QuTS hero h4.5.x versions ant\u00e9rieures \u00e0 QuTS hero h4.5.4.2626 build 20231225","product":{"name":"QuTS hero","vendor":{"name":"Qnap","scada":false}}},{"description":"Qsync Central 4.3.x versions ant\u00e9rieures \u00e0 Qsync Central 4.3.0.11","product":{"name":"N/A","vendor":{"name":"Qnap","scada":false}}},{"description":"QTS 5.1.x versions ant\u00e9rieures \u00e0 QTS 5.1.5.2645 build 20240116","product":{"name":"QTS","vendor":{"name":"Qnap","scada":false}}},{"description":"QuTScloud c5.x versions ant\u00e9rieures \u00e0 QuTScloud c5.1.5.2651","product":{"name":"N/A","vendor":{"name":"Qnap","scada":false}}},{"description":"QTS 5.1.x versions ant\u00e9rieures \u00e0 QTS 5.1.2.2533 build 20230926","product":{"name":"QTS","vendor":{"name":"Qnap","scada":false}}},{"description":"QuTS hero h5.1.x versions ant\u00e9rieures \u00e0 QuTS hero h5.1.3.2578 build 20231110","product":{"name":"QuTS hero","vendor":{"name":"Qnap","scada":false}}},{"description":"QuTS hero h5.1.x versions ant\u00e9rieures \u00e0 QuTS hero h5.1.5.2647 build 20240118","product":{"name":"QuTS hero","vendor":{"name":"Qnap","scada":false}}},{"description":"Photo Station 6.4.x versions ant\u00e9rieures \u00e0 Photo Station 6.4.2","product":{"name":"N/A","vendor":{"name":"Qnap","scada":false}}},{"description":"QTS 5.1.x versions ant\u00e9rieures \u00e0 QTS 5.1.3.2578 build 20231110","product":{"name":"QTS","vendor":{"name":"Qnap","scada":false}}},{"description":"Qsync Central 4.4.x versions ant\u00e9rieures \u00e0 Qsync Central 4.4.0.15","product":{"name":"N/A","vendor":{"name":"Qnap","scada":false}}},{"description":"QuTS hero h5.1.x versions ant\u00e9rieures \u00e0 QuTS hero h5.1.4.2596 build 20231128","product":{"name":"QuTS hero","vendor":{"name":"Qnap","scada":false}}},{"description":"QuTS hero h5.1.x versions ant\u00e9rieures \u00e0 QuTS hero h5.1.2.2534 build 20230927","product":{"name":"QuTS hero","vendor":{"name":"Qnap","scada":false}}},{"description":"QTS 5.1.x versions ant\u00e9rieures \u00e0 QTS 5.1.4.2596 build 20231128","product":{"name":"QTS","vendor":{"name":"Qnap","scada":false}}},{"description":"QTS 4.5.x versions ant\u00e9rieures \u00e0 QTS 4.5.4.2627 build 20231225","product":{"name":"QTS","vendor":{"name":"Qnap","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2023-41276","url":"https://www.cve.org/CVERecord?id=CVE-2023-41276"},{"name":"CVE-2023-50359","url":"https://www.cve.org/CVERecord?id=CVE-2023-50359"},{"name":"CVE-2023-41279","url":"https://www.cve.org/CVERecord?id=CVE-2023-41279"},{"name":"CVE-2023-41275","url":"https://www.cve.org/CVERecord?id=CVE-2023-41275"},{"name":"CVE-2023-47561","url":"https://www.cve.org/CVERecord?id=CVE-2023-47561"},{"name":"CVE-2023-39297","url":"https://www.cve.org/CVERecord?id=CVE-2023-39297"},{"name":"CVE-2023-47562","url":"https://www.cve.org/CVERecord?id=CVE-2023-47562"},{"name":"CVE-2023-47566","url":"https://www.cve.org/CVERecord?id=CVE-2023-47566"},{"name":"CVE-2023-32967","url":"https://www.cve.org/CVERecord?id=CVE-2023-32967"},{"name":"CVE-2023-48795","url":"https://www.cve.org/CVERecord?id=CVE-2023-48795"},{"name":"CVE-2023-45036","url":"https://www.cve.org/CVERecord?id=CVE-2023-45036"},{"name":"CVE-2023-41278","url":"https://www.cve.org/CVERecord?id=CVE-2023-41278"},{"name":"CVE-2023-45035","url":"https://www.cve.org/CVERecord?id=CVE-2023-45035"},{"name":"CVE-2023-47564","url":"https://www.cve.org/CVERecord?id=CVE-2023-47564"},{"name":"CVE-2023-41292","url":"https://www.cve.org/CVERecord?id=CVE-2023-41292"},{"name":"CVE-2023-41273","url":"https://www.cve.org/CVERecord?id=CVE-2023-41273"},{"name":"CVE-2023-45028","url":"https://www.cve.org/CVERecord?id=CVE-2023-45028"},{"name":"CVE-2023-47568","url":"https://www.cve.org/CVERecord?id=CVE-2023-47568"},{"name":"CVE-2023-41283","url":"https://www.cve.org/CVERecord?id=CVE-2023-41283"},{"name":"CVE-2023-45025","url":"https://www.cve.org/CVERecord?id=CVE-2023-45025"},{"name":"CVE-2023-39302","url":"https://www.cve.org/CVERecord?id=CVE-2023-39302"},{"name":"CVE-2023-39303","url":"https://www.cve.org/CVERecord?id=CVE-2023-39303"},{"name":"CVE-2023-41277","url":"https://www.cve.org/CVERecord?id=CVE-2023-41277"},{"name":"CVE-2023-41281","url":"https://www.cve.org/CVERecord?id=CVE-2023-41281"},{"name":"CVE-2023-41282","url":"https://www.cve.org/CVERecord?id=CVE-2023-41282"},{"name":"CVE-2023-41274","url":"https://www.cve.org/CVERecord?id=CVE-2023-41274"},{"name":"CVE-2023-45037","url":"https://www.cve.org/CVERecord?id=CVE-2023-45037"},{"name":"CVE-2023-45027","url":"https://www.cve.org/CVERecord?id=CVE-2023-45027"},{"name":"CVE-2023-47567","url":"https://www.cve.org/CVERecord?id=CVE-2023-47567"},{"name":"CVE-2023-45026","url":"https://www.cve.org/CVERecord?id=CVE-2023-45026"},{"name":"CVE-2023-41280","url":"https://www.cve.org/CVERecord?id=CVE-2023-41280"}],"links":[],"reference":"CERTFR-2024-AVI-0094","revisions":[{"description":"Version initiale","revision_date":"2024-02-05T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Non sp\u00e9cifi\u00e9 par l'\u00e9diteur"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans <span\nclass=\"textit\">les produits Qnap</span>. Certaines d'entre elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l'\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0 distance et\nun d\u00e9ni de service \u00e0 distance.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-30 du 03 f\u00e9vrier 2024","url":"https://www.qnap.com/fr-fr/security-advisory/qsa-23-30"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-06 du 03 f\u00e9vrier 2024","url":"https://www.qnap.com/fr-fr/security-advisory/qsa-24-06"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-46 du 03 f\u00e9vrier 2024","url":"https://www.qnap.com/fr-fr/security-advisory/qsa-23-46"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-08 du 03 f\u00e9vrier 2024","url":"https://www.qnap.com/fr-fr/security-advisory/qsa-24-08"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-03 du 03 f\u00e9vrier 2024","url":"https://www.qnap.com/fr-fr/security-advisory/qsa-24-03"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-53 du 03 f\u00e9vrier 2024","url":"https://www.qnap.com/fr-fr/security-advisory/qsa-23-53"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-33 du 03 f\u00e9vrier 2024","url":"https://www.qnap.com/fr-fr/security-advisory/qsa-23-33"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-01 du 03 f\u00e9vrier 2024","url":"https://www.qnap.com/fr-fr/security-advisory/qsa-24-01"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-05 du 03 f\u00e9vrier 2024","url":"https://www.qnap.com/fr-fr/security-advisory/qsa-24-05"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-04 du 03 f\u00e9vrier 2024","url":"https://www.qnap.com/fr-fr/security-advisory/qsa-24-04"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-38 du 03 f\u00e9vrier 2024","url":"https://www.qnap.com/fr-fr/security-advisory/qsa-23-38"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-02 du 03 f\u00e9vrier 2024","url":"https://www.qnap.com/fr-fr/security-advisory/qsa-24-02"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-07 du 03 f\u00e9vrier 2024","url":"https://www.qnap.com/fr-fr/security-advisory/qsa-24-07"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-47 du 03 f\u00e9vrier 2024","url":"https://www.qnap.com/fr-fr/security-advisory/qsa-23-47"}]}