CVE-2020-2506

improper access control vulnerability in Helpdesk

CVSS 7.3 HIGH | EPSS 2.0% | KEV | CWE-284
In short

A flaw in QNAP Helpdesk allows attackers to bypass access controls and gain unauthorized privileges or read sensitive data. This happens because the software doesn't properly check who should be allowed to access certain features.

Technical detail

Improper access control (CWE-284) in QNAP Helpdesk versions before 3.0.3 permits attackers to escalate privileges or access restricted information without proper authentication or authorization checks. The vulnerability stems from insufficient validation of user permissions, enabling unauthorized access to sensitive functionality.

Summary generated and translated by AI from the official description.
The vulnerability has been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
