improper access control vulnerability in Helpdesk
CVE-2020-2506

7.3HIGH

Key Information:

Vendor: QNAP
Status: Helpdesk
Vendor: CVE Published:; 7 October 2020

Badges

👾 Exploit Exists🦅 CISA Reported

Summary

The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

Affected Version(s)

Helpdesk < 3.0.3

References

https://www.qnap.com/zh-tw/security-advisory/qsa-20-08

x_refsource_MISC

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Mar 25, 2022
🦅
CISA Reported
Mar 25, 2022
Vulnerability published
Oct 7, 2020
Vulnerability Reserved
Dec 9, 2019

Credit

Jose Antonio Pérez Piedra