CVE-2020-2506

Warning

EPSS 25.83%
Published 03.02.2021 16:15:13
Last modified 07.02.2025 15:02:17
Source security@qnapsecurity.com.tw
Teams watchlist Login
Open Login

The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.

Affected products Warnungen 1 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Qnap ≫ Helpdesk Version < 3.0.3

25.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

QNAP Helpdesk Improper Access Control Vulnerability

Vulnerability

QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	25.83%	0.961

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
security@qnapsecurity.com.tw	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://www.qnap.com/zh-tw/security-advisory/qsa-20-08

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-2506

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-2506

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-2506

EUVD