On 30 January 2023, QNAP Systems Inc. disclosed a new critical vulnerability that could allow remote attackers to inject malicious code on QNAP NAS devices that are exposed to the internet. QNAP has stated that the vulnerability is a SQL injection flaw tracked as CVE-2022-27596 and that it can be exploited by unauthenticated remote threat actors in low-complexity attacks that require no user interaction.
QNAP states that organisations running QTS 5.0.1 and QuTS hero h5.0.1 are impacted by CVE-2022-27596 and should upgrade to a patched build version as soon as possible to secure themselves from potential attacks.
As of January 31, 2023, this vulnerability has not been actively exploited in campaigns, and no PoC exploit code or technical details on the vulnerability are available. However, according to CISA’s Known Exploited Vulnerabilities Catalog, threat actors have historically leveraged vulnerabilities in QNAP NAS products in ransomware campaigns.
While Arctic Wolf is not aware of the active exploitation of CVE-2022-27596 at this time, we are still strongly recommending that all organisations running the affected products upgrade to a fixed version as soon as possible.
Recommendation for CVE-2022-27596
This section details the recommendations QNAP has provided for patching devices impacted by CVE-2022-27596.
Update QNAP NAS Appliances
QNAP has fixed this vulnerability in the following operating system versions:
- QTS 220.127.116.114 build 20221201 and later
- QuTS hero h18.104.22.1688 build 20221215 and later
Details on how to install these patched versions on your device can be found on QNAP’s Security Advisory: https://www.qnap.com/en/security-advisory/qsa-23-01
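To triage a fleet against the fixed builds listed above, the following added example (not QNAP or Arctic Wolf code) classifies firmware strings from an asset inventory. The string format, the status names, the host names and the sample inventory are assumptions constructed for illustration; only the affected 5.0.1 branch and the two fixed build dates come from this advisory.

```python
import re

# Fixed build dates and affected branch as stated in the advisory text above.
FIXED_BUILD = {"QTS": 20221201, "QuTS hero": 20221215}
AFFECTED_BRANCH = (5, 0, 1)

# Assumed inventory format: "<product> [h]<x>.<y>.<z>[.<rev>] build <YYYYMMDD>"
_FW = re.compile(
    r"^(QTS|QuTS hero)\s+h?(\d+)\.(\d+)\.(\d+)(?:\.\d+)?\s+build\s+(\d{8})$",
    re.IGNORECASE,
)

def classify(firmware: str) -> str:
    """Return 'needs-update', 'patched', 'not-listed' or 'unparsed'."""
    m = _FW.match(firmware.strip())
    if not m:
        # Never treat an unreadable record as safe; send it to manual review.
        return "unparsed"
    product = "QTS" if m.group(1).lower() == "qts" else "QuTS hero"
    branch = tuple(int(m.group(i)) for i in (2, 3, 4))
    build = int(m.group(5))
    if branch != AFFECTED_BRANCH:
        # The advisory lists only the 5.0.1 branch as impacted.
        return "not-listed"
    return "patched" if build >= FIXED_BUILD[product] else "needs-update"

def triage(inventory: dict) -> dict:
    """Group host names by status so patching can be prioritised."""
    report = {"needs-update": [], "patched": [], "not-listed": [], "unparsed": []}
    for host, firmware in sorted(inventory.items()):
        report[classify(firmware)].append(host)
    return report

# Constructed sample inventory (host names and revision numbers are made up).
SAMPLE = {
    "nas-a": "QTS 5.0.1.1111 build 20221022",
    "nas-b": "QTS 5.0.1.9999 build 20221201",
    "nas-c": "QuTS hero h5.0.1.1111 build 20221201",
    "nas-d": "QTS 4.5.4.1111 build 20220101",
    "nas-e": "firmware unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Note that nas-c carries a build date that would count as patched for QTS but is still below the QuTS hero fixed build, which is why the threshold is looked up per product.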