QNAP, a manufacturer of network-attached storage (NAS) systems, issued a warning to its users regarding a critical vulnerability that can be exploited through the Sudo program for Linux.
The vulnerability, tracked as CVE-2023-22809, can allow attackers to gain elevated privileges via Sudo versions 1.8.0 through 1.9.12p1, potentially resulting in unauthorized access to a user’s data. While there have been no reported cases of the vulnerability being exploited, QNAP has urged its customers to update their storage systems as soon as possible. All QNAP systems running QTS, QuTS hero, QuTScloud, QVP, and QVP Pro operating systems are at risk, and users are advised to check for updates regularly.
As QNAP revealed in a security advisory published on Wednesday, the vulnerability affects the QTS, QuTS hero, QuTScloud, and QVP (QVR Pro appliances) NAS operating systems.
To update QTS, QuTS hero or QuTScloud, customers must log in as an admin user, go to Control Panel > System > Firmware Update, and click the “Check for Update” option under the “Live Update” area.
Alternatively, they can update manually after downloading the update from QNAP’s Download Center by selecting their product type and device model.
The company has already released updates for QTS version 188.8.131.526 (build 20230322 and newer) and QuTS hero version h184.108.40.2068 (build 20230324 and newer), which can be installed via the Firmware Update heading in the Control Panel under System.
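The affected Sudo range quoted above (1.8.0 through 1.9.12p1) can be checked against the version a host reports with `sudo -V`. The script below is an added example, not code from QNAP or the Sudo project; the function names are hypothetical and the sample banners are constructed. It compares upstream version strings only, so a vendor package with a backported fix may still report an in-range version.

```shell
#!/bin/sh
# Added example: test a sudo version string against the range the article
# gives for CVE-2023-22809 (1.8.0 through 1.9.12p1 inclusive).

# Turn "X.Y.Z[pN]" into one sortable integer. A missing pN counts as p0,
# so 1.9.12 < 1.9.12p1 < 1.9.12p2 < 1.9.13. Assumes each part is < 1000.
sudo_version_key() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+(p[0-9]+)?$' || return 1
    printf '%s\n' "$1" | awk -F'[.p]' \
        '{ printf "%d%03d%03d%03d\n", $1, $2, $3, ($4 == "" ? 0 : $4) }'
}

# Exit status: 0 = inside the range, 1 = outside, 2 = unrecognised format
# (beta/rc builds, vendor suffixes), which needs a manual look.
sudo_in_affected_range() {
    key=$(sudo_version_key "$1") || return 2
    lo=$(sudo_version_key "1.8.0")
    hi=$(sudo_version_key "1.9.12p1")
    [ "$key" -ge "$lo" ] && [ "$key" -le "$hi" ]
}

# Read `sudo -V` output on stdin and print the version from its first
# line, which has the form "Sudo version 1.9.12p1".
sudo_version_from_banner() {
    sed -n '1s/^Sudo version \([^ ]*\).*$/\1/p'
}

# Constructed sample banners, not taken from any real host.
# On a live system, replace the printf with: sudo -V
for banner in "Sudo version 1.8.31" "Sudo version 1.9.12p1" \
              "Sudo version 1.9.12p2" "Sudo version 1.9.13"; do
    v=$(printf '%s\n' "$banner" | sudo_version_from_banner)
    if sudo_in_affected_range "$v"; then
        echo "$v: inside the affected range, check the vendor advisory"
    else
        echo "$v: outside the affected range"
    fi
done
```

On a QNAP appliance the firmware build named in the advisory remains the authoritative indicator; this check is for general Linux hosts that ship upstream Sudo.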