Improper Certificate Validation in QNAP Helpdesk
CVE-2018-19946

4.2MEDIUM

Key Information:

Vendor: QNAP
Status: Helpdesk
Vendor: CVE Published:; 11 September 2020

What is CVE-2018-19946?

The vulnerability affects earlier versions of QNAP Helpdesk and arises from improper validation of SSL/TLS certificates. This flaw could potentially allow an attacker to impersonate a trusted entity by manipulating the communication channel between the host and client, leading to unauthorized actions or information disclosure. QNAP has released updates to mitigate this issue, and users are encouraged to upgrade to Helpdesk version 3.0.3 or later to safeguard their systems.

Affected Version(s)

Helpdesk < 3.0.3

References

https://www.qnap.com/zh-tw/security-advisory/qsa-20-05

x_refsource_MISC

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2020
Vulnerability Reserved
Dec 7, 2018

Credit

Independent Security Evaluators