Improper Certificate Validation in QNAP Helpdesk
CVE-2018-19946

4.2MEDIUM

Key Information:

Vendor
QNAP
Status
Helpdesk
Vendor
CVE Published:
11 September 2020

Summary

The vulnerability affects earlier versions of QNAP Helpdesk and arises from improper validation of SSL/TLS certificates. This flaw could potentially allow an attacker to impersonate a trusted entity by manipulating the communication channel between the host and client, leading to unauthorized actions or information disclosure. QNAP has released updates to mitigate this issue, and users are encouraged to upgrade to Helpdesk version 3.0.3 or later to safeguard their systems.

Affected Version(s)

Helpdesk < 3.0.3

References

https://www.qnap.com/zh-tw/security-advisory/qsa-20-05
x_refsource_MISC

CVSS V3.1

Score:
4.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Independent Security Evaluators
.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.