On January 30, 2023, QNAP Systems Inc. disclosed a new critical vulnerability that could allow remote attackers to inject malicious code on QNAP NAS devices that are exposed to the internet. QNAP has stated that the vulnerability is a SQL injection flaw tracked as CVE-2022-27596, and that unauthenticated remote threat actors can abuse it in low-complexity attacks without requiring user interaction.
QNAP states that organizations running QTS 5.0.1 and QuTS hero h5.0.1 are impacted by CVE-2022-27596 and should upgrade to a patched build version as soon as possible to secure themselves from potential attacks.
As of January 31, 2023, this vulnerability has not been actively exploited in campaigns, and no PoC exploit code or technical details are available. However, according to CISA’s Known Exploited Vulnerabilities Catalog, threat actors have historically leveraged vulnerabilities in QNAP NAS products in ransomware campaigns.
While Arctic Wolf is not aware of active exploitation of CVE-2022-27596 at this time, we strongly recommend that all organizations running the affected products upgrade to a fixed version as soon as possible.
Recommendation for CVE-2022-27596
This section details the recommendations QNAP has provided for patching devices impacted by CVE-2022-27596.
Update QNAP NAS Appliances
QNAP has fixed this vulnerability in the following operating system versions:
- QTS 22.214.171.1244 build 20221201 and later
- QuTS hero h126.96.36.1998 build 20221215 and later
Details on how to install these patched versions on your device can be found on QNAP’s Security Advisory: https://www.qnap.com/en/security-advisory/qsa-23-01
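To triage a fleet against the fixed builds listed above, the following added example (not code from QNAP or Arctic Wolf) sorts an asset inventory into vulnerable, patched, not-listed and unknown hosts. It assumes firmware strings of the form "<product> <version> build <YYYYMMDD>" and that the build date alone decides patch status within the affected 5.0.1 branches; the host names and sample strings are constructed.

```python
import re

# Fixed builds from the advisory above, keyed by (product, affected branch).
FIXED_BUILDS = {
    ("QTS", "5.0.1"): 20221201,
    ("QuTS hero", "h5.0.1"): 20221215,
}

# Assumed inventory format: "<product> <version>[.<sub-build>] build <YYYYMMDD>".
FIRMWARE_RE = re.compile(
    r"^(QTS|QuTS hero)\s+(h?\d+\.\d+\.\d+)(?:\.\d+)?\s+build\s+(\d{8})$",
    re.IGNORECASE,
)

def classify(firmware: str) -> str:
    """Return 'vulnerable', 'patched', 'not-listed' or 'unknown' for one device."""
    m = FIRMWARE_RE.match(firmware.strip())
    if not m:
        return "unknown"  # unparseable entries need manual review, not a pass
    product = "QTS" if m.group(1).lower() == "qts" else "QuTS hero"
    branch, build = m.group(2).lower(), int(m.group(3))
    fixed = FIXED_BUILDS.get((product, branch))
    if fixed is None:
        return "not-listed"  # branch is not named as affected on this page
    return "patched" if build >= fixed else "vulnerable"

def triage(inventory: dict) -> dict:
    """Group host names by classification so upgrades can be prioritised."""
    report = {}
    for host, firmware in inventory.items():
        report.setdefault(classify(firmware), []).append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}

# Constructed sample inventory (sub-build numbers are placeholders).
SAMPLE_INVENTORY = {
    "nas-01": "QTS 5.0.1.1111 build 20221022",
    "nas-02": "QTS 5.0.1.2222 build 20221201",
    "nas-03": "QuTS hero h5.0.1.1111 build 20221214",
    "nas-04": "QuTS hero h5.0.1 build 20221215",
    "nas-05": "QTS 4.5.4.1111 build 20220101",
    "nas-06": "firmware not recorded",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as unknown should be checked by hand rather than assumed safe.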