{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Container Station versions 5..6.x ant\u00e9rieures \u00e0 2.6.7.44","product":{"name":"N/A","vendor":{"name":"Qnap","scada":false}}},{"description":"QTS hero versions h5.0.x ant\u00e9rieures \u00e0 h5.0.1.2515 build 20230907","product":{"name":"QTS","vendor":{"name":"Qnap","scada":false}}},{"description":"QTS versions 5.1.x ant\u00e9rieures \u00e0 5.1.0.2444 build 20230629","product":{"name":"QTS","vendor":{"name":"Qnap","scada":false}}},{"description":"QTS versions 4.5.x ant\u00e9rieures \u00e0 4.5.4.2467 build 20230718","product":{"name":"QTS","vendor":{"name":"Qnap","scada":false}}},{"description":"QTS hero versions h5.1.x ant\u00e9rieures \u00e0 h5.1.0.2424 build 20230609","product":{"name":"QTS","vendor":{"name":"Qnap","scada":false}}},{"description":"QuTScloud versions c5.x ant\u00e9rieures \u00e0 c5.1.0.2498","product":{"name":"N/A","vendor":{"name":"Qnap","scada":false}}},{"description":"QTS hero versions h4.5.x ant\u00e9rieures \u00e0 h4.5.4.2476 build 20230728","product":{"name":"QTS","vendor":{"name":"Qnap","scada":false}}},{"description":"QTS versions 5.0.x ant\u00e9rieures \u00e0 5.0.1.2425 build 20230609","product":{"name":"QTS","vendor":{"name":"Qnap","scada":false}}},{"description":"Video Station versions 5.7.x ant\u00e9rieures \u00e0 5.7.0 (2023/07/27)","product":{"name":"Video Station","vendor":{"name":"Qnap","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2023-34975","url":"https://www.cve.org/CVERecord?id=CVE-2023-34975"},{"name":"CVE-2023-34977","url":"https://www.cve.org/CVERecord?id=CVE-2023-34977"},{"name":"CVE-2023-32976","url":"https://www.cve.org/CVERecord?id=CVE-2023-32976"},{"name":"CVE-2023-32973","url":"https://www.cve.org/CVERecord?id=CVE-2023-32973"},{"name":"CVE-2023-32970","url":"https://www.cve.org/CVERecord?id=CVE-2023-32970"},{"name":"CVE-2023-34976","url":"https://www.cve.org/CVERecord?id=CVE-2023-34976"},{"name":"CVE-2023-32974","url":"https://www.cve.org/CVERecord?id=CVE-2023-32974"}],"links":[],"reference":"CERTFR-2023-AVI-0846","revisions":[{"description":"Version initiale","revision_date":"2023-10-16T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Qnap.\nCertaines d'entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Qnap qsa-23-42 du 14 octobre 2023","url":"https://www.qnap.com/fr-fr/security-advisory/qsa-23-42"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Qnap qsa-23-52 du 14 octobre 2023","url":"https://www.qnap.com/fr-fr/security-advisory/qsa-23-52"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Qnap qsa-23-41 du 14 octobre 2023","url":"https://www.qnap.com/fr-fr/security-advisory/qsa-23-41"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Qnap qsa-23-44 du 14 octobre 2023","url":"https://www.qnap.com/fr-fr/security-advisory/qsa-23-44"}]}