Search

Security ID : QSA-20-08

Multiple Vulnerabilities in Helpdesk

  • Release date : October 7, 2020

  • CVE identifier : CVE-2020-2506 | CVE-2020-2507

  • Affected products: Helpdesk

Severity

Critical

Status

Resolved

Summary

Two vulnerabilities have been reported to affect earlier versions of QTS. 

  • CVE-2020-2506: If exploited, this improper access control vulnerability could allow attackers to gain privileges, or read sensitive information.
  • CVE-2020-2507:If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands.

QNAP has already fixed these issues in Helpdesk 3.0.3 and later versions.

Recommendation

To fix the vulnerability, we strongly recommend updating Helpdesk to the latest version.

Updating Helpdesk

  1. Log on to QTS as administrator.
  2. Open the App Center, and then click .
    A search box appears.
  3. Type “Helpdesk”, and then press ENTER.
    The Helpdesk application appears in the search results.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if you are using the latest version.
  5. Click OK.
    The application is updated.

Acknowledgements: Jose Antonio Pérez Piedra

Revision History: V1.1 (March 11, 2021) - CVE-2020-2506 refined
                                 V1.0 (October 7, 2020) - Published

Choose specification

      Show more Less

      Choose Your Country or Region

      back to top