安全ID : QSA-20-08
Multiple Vulnerabilities in Helpdesk
发布日期 : October 7, 2020
通用漏洞披露 : CVE-2020-2506 | CVE-2020-2507
受影响产品: Helpdesk
严重程度
严重
状态
已解决
Summary
Two vulnerabilities have been reported to affect earlier versions of QTS.
- CVE-2020-2506: If exploited, this improper access control vulnerability could allow attackers to gain privileges, or read sensitive information.
- CVE-2020-2507:If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands.
QNAP has already fixed these issues in Helpdesk 3.0.3 and later versions.
Recommendation
To fix the vulnerability, we strongly recommend updating Helpdesk to the latest version.
Updating Helpdesk
- Log on to QTS as administrator.
- Open the App Center, and then click
.
A search box appears. - Type “Helpdesk”, and then press ENTER.
The Helpdesk application appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if you are using the latest version. - Click OK.
The application is updated.
致谢: Jose Antonio Pérez Piedra
修订历史: V1.1 (March 11, 2021) - CVE-2020-2506 refined
V1.0 (October 7, 2020) - Published
