安全ID : NAS-201808-13
Security Advisory for Command Injection Vulnerability in Helpdesk
发布日期 : August 13, 2018
通用漏洞披露 : CVE-2018-0714
受影响产品: Helpdesk versions 1.1.21 and earlier in
QTS 4.2.6: build 20180531
QTS 4.3.3: build 20180528
QTS 4.3.4: build 20180528 and earlier versions
严重程度
Important
状态
已解决
Summary
A command injection vulnerability was recently found in Helpdesk. If exploited, this vulnerability could allow remote attackers to run arbitrary commands in the compromised application.
We have already fixed this issue in Helpdesk version 1.2 and later in the following QTS versions.
- QTS 4.2.6: build 20180711 and later
- QTS 4.3.3: build 20180716 and later
- QTS 4.3.4: build 20180710 and later
Recommendation
To fix these vulnerabilities, we recommend updating QTS first, and then Helpdesk, to their latest versions.
Installing the QTS Update
- Log on to QTS as administrator.
- Go to Control Panel > System > Firmware Update.
- Under Live Update, click Check for Update.
QTS downloads and installs the latest available update.
Updating Helpdesk
- Log on to QTS as administrator.
- Open the App Center, and then click the Search icon.
A search box appears. - Type “Helpdesk”, and then press ENTER.
The Helpdesk application appears in the search results list. - Click Update.
A confirmation message appears. - Click OK.
The application is updated.
致谢: Yoni Ramon, security researcher
修订历史: V1.0 (August 13, 2018) - Published
