Search

Security ID : NAS-201807-10

Security Advisory for Vulnerabilities in Q’center Virtual Appliance

  • Release date : July 10, 2018

  • CVE identifier : CVE-2018-0706 | CVE-2018-0707 | CVE-2018-0708 | CVE-2018-0709 | CVE-2018-0710

  • Affected products: Q’center Virtual Appliance version 1.7.1063 and earlier

Severity

Important

Status

Resolved

Summary

Several vulnerabilities were found recently in Q’center Virtual Appliance. If exploited, these vulnerabilities could allow authenticated users to run arbitrary commands on Q’center Virtual Appliance or access sensitive information.

We have already fixed these issues in Q’center Virtual Appliance version 1.7.1083 and later.

Recommendation

To fix these vulnerabilities, we recommend updating Q’center Virtual Appliance to the latest version.

Updating Q’center Virtual Appliance

  1. Log into Windows.
  2. On your web browser, go to https://www.qnap.com/utilities.
  3. Download the Q'center Virtual Appliance patch.
  4. Enter your Q’center Virtual Appliance IP address on your web browser.
  5. Log into Q’center Virtual Appliance.
  6. Go to Settings > Patch > Upload Patch.
    The Upload Patch window appears.
  7. Select the Q’center Virtual Appliance patch, and then click Upload.
    Q’center Virtual Appliance is updated.

Acknowledgements: Ivan Huertas from Core Security Consulting Services who discovered and researched the vulnerabilities

Revision History: V1.0 (July 10, 2018) - Published

Escolher especificação

      Mostrar mais Menos

      Este site noutros países/regiões:

      open menu
      back to top