QNAP Warns Customers to Patch Linux Sudo Flaw in NAS Devices
Taiwanese hardware vendor QNAP warns customers to secure their Linux-powered network-attached storage (NAS) devices against a high-severity Sudo privilege escalation vulnerability.
The flaw (tracked as CVE-2023-22809) was discovered by Synacktiv security researchers, who describe it as a "sudoers policy bypass in Sudo version 1.9.12p1 when using sudoedit."
Successful exploitation on unpatched devices using Sudo versions 1.8.0 through 1.9.12p1 could enable attackers to escalate privileges by editing unauthorized files after appending arbitrary entries to the list of files to process.
The vulnerability also affects the QTS, QuTS hero, QuTScloud, and QVP (QVR Pro appliances) NAS operating systems, as QNAP revealed in a security advisory published on Wednesday.
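One way to check a host's Sudo version against the range quoted in the article (1.8.0 through 1.9.12p1), as an added example that is not from QNAP, Synacktiv or the original report. The function names and the sample version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a sudo version string with the range the article
# gives for CVE-2023-22809 (1.8.0 through 1.9.12p1). Function names are made up.

# Map "1.9.12p1" to one integer so that 1.9.12 < 1.9.12p1 < 1.9.13.
# Anything other than digits, dots and one "pN" suffix (rc or beta builds,
# for example) is rejected rather than guessed at.
sudo_version_key() {
    v=$1
    case $v in ''|*[!0-9.p]*|.*|*.|*..*|*.p*) return 1 ;; esac
    case $v in
        *p*) patch=${v##*p}; base=${v%p*} ;;
        *)   patch=0; base=$v ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $base
    IFS=$old_ifs
    [ $# -ge 2 ] && [ $# -le 3 ] || return 1
    major=$1; minor=$2; micro=${3:-0}
    case "$major.$minor.$micro.$patch" in
        *[!0-9.]*|*.) return 1 ;;
    esac
    echo $(( ((major * 1000 + minor) * 1000 + micro) * 1000 + patch ))
}

# Prints "affected", "outside-range" or "unknown" for one version string.
sudo_cve_2023_22809_status() {
    key=$(sudo_version_key "$1") || { echo unknown; return 0; }
    lo=$(sudo_version_key 1.8.0)
    hi=$(sudo_version_key 1.9.12p1)
    if [ "$key" -ge "$lo" ] && [ "$key" -le "$hi" ]; then
        echo affected
    else
        echo outside-range
    fi
}

# Constructed sample versions, so the script runs without sudo installed.
for v in 1.7.10p9 1.8.0 1.8.31 1.9.12p1 1.9.12p2 1.9.13 1.9.13rc1; do
    printf '%-10s %s\n' "$v" "$(sudo_cve_2023_22809_status "$v")"
done

# On a real host, "sudo -V" prints "Sudo version X" on its first line.
if command -v sudo >/dev/null 2>&1; then
    installed=$(sudo -V 2>/dev/null | sed -n '1s/^Sudo version \([^ ]*\).*/\1/p')
    printf 'installed: %s %s\n' "${installed:-?}" "$(sudo_cve_2023_22809_status "$installed")"
fi
```

A version string alone does not account for vendor or distribution builds that backport a fix without changing the upstream version, so treat `affected` as a prompt to check the vendor's advisory for that device.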