CVE-2023-39301
Summary
A server-side request forgery (SSRF) vulnerability has been identified in several QNAP operating system versions, potentially allowing authenticated users to read application data over the network. QNAP has released patches for affected versions of QTS, QuTS hero, and QuTScloud.
IFF Assessment
FOE
This vulnerability could allow unauthorized access to sensitive data, posing a direct threat to user privacy and system integrity.
Severity
4.3 (Medium)
Defender Context
This SSRF vulnerability in QNAP devices could be leveraged by attackers to access sensitive application data. Defenders should ensure their QNAP systems are updated to the patched versions to mitigate this risk and monitor for any unusual network requests originating from these devices.