CVE-2020-2506

Warnung

EPSS 25.83%
Veröffentlicht 03.02.2021 16:15:13
Zuletzt bearbeitet 07.02.2025 15:02:17
Quelle security@qnapsecurity.com.tw
Teams Watchlist Login
Unerledigt Login

The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qnap ≫ Helpdesk Version < 3.0.3

25.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

QNAP Helpdesk Improper Access Control Vulnerability

Schwachstelle

QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	25.83%	0.961

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
security@qnapsecurity.com.tw	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://www.qnap.com/zh-tw/security-advisory/qsa-20-08

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-2506

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-2506

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-2506

EUVD