Security ID : QSA-24-15
Multiple Vulnerabilities in Media Streaming Add-on
Release date : April 25, 2024
CVE identifier : CVE-2023-47220 | CVE-2023-47222
Affected products: Media Streaming add-on 500.1.x
Severity : Important
Status : Resolved
Summary
Multiple vulnerabilities have been reported to affect Media Streaming add-on:
- CVE-2023-47220: If exploited, the OS command injection vulnerability could allow remote attackers who have gained user access to execute arbitrary commands.
- CVE-2023-47222: If exploited, the exposure of sensitive information vulnerability could allow remote attackers to compromise the security of the system.
We have already fixed the vulnerabilities in the following version:
| Affected Product | Fixed Version |
| --- | --- |
| Media Streaming add-on 500.1.x | Media Streaming add-on 500.1.1.5 (2024/01/22) and later |
Recommendation
To fix the vulnerabilities, we recommend updating Media Streaming add-on to the latest version.
Updating Media Streaming add-on
- Log on to QTS or QuTS hero as an administrator.
- Open App Center and then click the search icon.
  A search box appears.
- Type "Media Streaming add-on" and then press ENTER.
  Media Streaming add-on appears in the search results.
- Click Update.
  A confirmation message appears.
  Note: The Update button is not available if your Media Streaming add-on is already up to date.
- Click OK.
  The application is updated.
Acknowledgements: YingMuo (@YingMuo), working with DEVCORE Internship Program
Revision History:
V1.0 (April 27, 2024) - Published
V1.1 (May 3, 2024) - CVE-2023-47220 updated