Security ID : QSA-24-15

Multiple Vulnerabilities in Media Streaming Add-on


  • Release date : April 25, 2024

  • CVE identifier : CVE-2023-47220 | CVE-2023-47222

  • Affected products: Media Streaming add-on 500.1.x

Severity

Important

Status

Resolved


Summary

Multiple vulnerabilities have been reported to affect Media Streaming add-on:

  • CVE-2023-47220: If exploited, the OS command injection vulnerability could allow remote attackers who have gained user access to execute arbitrary commands.
  • CVE-2023-47222: If exploited, the exposure of sensitive information vulnerability could allow remote attackers to compromise the security of the system.

  

We have already fixed the vulnerability in the following version:

Affected Product Fixed Version
Media Streaming add-on 500.1.x Media Streaming add-on 500.1.1.5 (2024/01/22) and later

Recommendation

To fix the vulnerability, we recommend updating Media Streaming add-on to the latest version.

Updating Media Streaming add-on

  1. Log on to QTS or QuTS hero as an administrator.
  2. Open App Center and then click .
    A search box appears.
  3. Type "Media Streaming add-on" and then press ENTER.
    Media Streaming add-on appears in the search results.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if your Media Streaming add-on is already up to date.
  5. Click OK.
    The application is updated.

  

Attachment

Acknowledgements: YingMuo (@YingMuo), working with DEVCORE Internship Program

Revision History:
V1.0 (April 27, 2024) - Published
V1.1 (May 3, 2024) - CVE-2023-47220 updated

Choose specification

      Show more Less

      Choose Your Country or Region

      open menu
      back to top