Search

安全ID : NAS-201807-10

Security Advisory for Vulnerabilities in Q’center Virtual Appliance

  • 发布日期 : July 10, 2018

  • 通用漏洞披露 : CVE-2018-0706 | CVE-2018-0707 | CVE-2018-0708 | CVE-2018-0709 | CVE-2018-0710

  • 受影响产品: Q’center Virtual Appliance version 1.7.1063 and earlier

严重程度

Important

状态

已解决

Summary

Several vulnerabilities were found recently in Q’center Virtual Appliance. If exploited, these vulnerabilities could allow authenticated users to run arbitrary commands on Q’center Virtual Appliance or access sensitive information.

We have already fixed these issues in Q’center Virtual Appliance version 1.7.1083 and later.

Recommendation

To fix these vulnerabilities, we recommend updating Q’center Virtual Appliance to the latest version.

Updating Q’center Virtual Appliance

  1. Log into Windows.
  2. On your web browser, go to https://www.qnap.com/utilities.
  3. Download the Q'center Virtual Appliance patch.
  4. Enter your Q’center Virtual Appliance IP address on your web browser.
  5. Log into Q’center Virtual Appliance.
  6. Go to Settings > Patch > Upload Patch.
    The Upload Patch window appears.
  7. Select the Q’center Virtual Appliance patch, and then click Upload.
    Q’center Virtual Appliance is updated.

致谢: Ivan Huertas from Core Security Consulting Services who discovered and researched the vulnerabilities

修订历史: V1.0 (July 10, 2018) - Published

选择规格

      显示更多 隐藏更多
      open menu
      back to top