QNAP warns customers to patch Linux Sudo flaw in NAS devices


Customers should protect their Linux-powered network-attached storage (NAS) devices against a high-severity Sudo privilege escalation vulnerability, advises Taiwanese hardware provider QNAP. Security researchers at Synacktiv identified the weakness (recorded as CVE-2023-22809) and described it as a “sudoers policy bypass in Sudo version 1.9.12p1 while using sudoedit.”

Using Sudo versions 1.8.0 through 1.9.12p1 successfully on unpatched devices could allow attackers to elevate privileges by altering unauthorised files after inserting arbitrary entries to the list of files to process.

Read More…