QNAP Critical Sudo Vulnerability
QNAP, a manufacturer of network-attached storage (NAS) systems, issued a warning to its users regarding a critical vulnerability that can be exploited through the Sudo program for Linux.
The vulnerability, named CVE-2023-22809, can potentially allow attackers to gain elevated privileges via Sudo versions 1.8.0 through 1.9.12p1, potentially resulting in unauthorized access to a user’s data. While there have been no reported cases of the vulnerability being exploited,.
QNAP has urged its customers to update their storage systems as soon as possible. All QNAP systems running QTS, QuTS hero, QuTScloud, QVP, and QVP Pro operating systems are at risk, and users are advised to check for updates regularly.
QNAP already released updates for QTS version 188.8.131.526 (build 20230322 and newer) and QuTS hero version h184.108.40.2068 (build 20230324 and newer), which can be installed via the Firmware Update heading in the Control Panel under System.
QNAP is still working on updates for the other operating systems listed and will notify users once they become available