CVE-2020-2506

EUVD-2020-22299
The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
qnapCNA
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
qnaphelpdesk
𝑥
< 3.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.qnap.com/zh-tw/security-advisory/qsa-20-08
https://www.qnap.com/zh-tw/security-advisory/qsa-20-08
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-2506