Search

Security ID : NAS-201807-10

Security Advisory for Vulnerabilities in Q’center Virtual Appliance

  • Release date : July 10, 2018

  • CVE identifier : CVE-2018-0706 | CVE-2018-0707 | CVE-2018-0708 | CVE-2018-0709 | CVE-2018-0710

  • Affected products: Q’center Virtual Appliance version 1.7.1063 and earlier

Severity

Important

Status

Resolved

Summary

Several vulnerabilities were found recently in Q’center Virtual Appliance. If exploited, these vulnerabilities could allow authenticated users to run arbitrary commands on Q’center Virtual Appliance or access sensitive information.

We have already fixed these issues in Q’center Virtual Appliance version 1.7.1083 and later.

Recommendation

To fix these vulnerabilities, we recommend updating Q’center Virtual Appliance to the latest version.

Updating Q’center Virtual Appliance

  1. Log into Windows.
  2. On your web browser, go to https://www.qnap.com/utilities.
  3. Download the Q'center Virtual Appliance patch.
  4. Enter your Q’center Virtual Appliance IP address on your web browser.
  5. Log into Q’center Virtual Appliance.
  6. Go to Settings > Patch > Upload Patch.
    The Upload Patch window appears.
  7. Select the Q’center Virtual Appliance patch, and then click Upload.
    Q’center Virtual Appliance is updated.

Acknowledgements: Ivan Huertas from Core Security Consulting Services who discovered and researched the vulnerabilities

Revision History: V1.0 (July 10, 2018) - Published

選擇規格

      顯示更多 隱藏更多

      選擇其他偏好的語言:

      back to top