CVE-2018-19946

4.2MEDIUM

Key Information:

Vendor: QNAP
Status: Helpdesk
Vendor: CVE Published:; 11 September 2020

Summary

The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this improper certificate validation vulnerability could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. QNAP has already fixed the issue in Helpdesk 3.0.3 and later.

Affected Version(s)

Helpdesk < 3.0.3

References

https://www.qnap.com/zh-tw/security-advisory/qsa-20-05

x_refsource_MISC

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 11, 2020
Vulnerability Reserved
Dec 7, 2018

Credit

Independent Security Evaluators