===================================================================== CERT-Renater Note d'Information No. 2023/VULN415 _____________________________________________________________________ DATE : 18/10/2023 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Container Station versions prior to 2.6.7.44. ===================================================================== https://www.qnap.com/en/security-advisory/qsa-23-44 _____________________________________________________________________ Security ID : QSA-23-44 Vulnerability in Container Station Release date : October 14, 2023 CVE identifier : CVE-2023-32976 Affected products: Container Station 2.6.x Severity Medium Status Resolved Summary An OS command injection vulnerability has been reported to affect Container Station. If exploited, the vulnerability could allow authenticated administrators to execute arbitrary commands via a network. We have already fixed the vulnerability in the following version: Affected Product Fixed Version Container Station 2.6.x Container Station 2.6.7.44 and later Recommendation To fix the vulnerability, we recommend updating Container Station to the latest version. Updating Container Station Log on to QTS or QuTS hero as administrator. Open the App Center and then click . A search box appears. Type "Container Station" and then press ENTER. Container Station appears in the search results. Click Update. A confirmation message appears. Note: The Update button is not available if your Container Station is already up to date. Click OK. The application is updated. Attachment CVE-2023-32976.json Acknowledgements: YC of the M1QLin security team Revision History: V1.0 (October 14, 2023) - Published ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================