QNAP has urged for the immediate remediation of a high-severity Sudo privilege escalation bug in its Linux-based network-attached storage devices, BleepingComputer reports.
Threat actors could exploit the vulnerability, tracked as CVE-2023-22809, in devices with Sudo versions 1.8.0 through 1.9.12p1 to facilitate privilege escalation activities, according to QNAP. QTS, QuTS hero, QuTScloud, and QVR Pro appliances are impacted by the flaw, with patches for the latter two products still underway.
"Please check this security advisory regularly for updates and promptly update your operating system to the latest recommended version as soon as it is available. To secure your device, we recommend regularly updating your system to the latest version to benefit from vulnerability fixes," said QNAP, which has also disclosed fixes for other security bugs in its other products.
While CVE-2023-22809 has not yet been actively exploited, older security flaws have been leveraged to compromise QNAP NAS devices with eCh0raix and DeadBolt ransomware infections.