KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

Back to KEVs

7.3

CVSS
High

CVE-2020-2506

PUBLISHED

improper access control vulnerability in Helpdesk

Exploited in the wild Remote Low complexity No user interaction

Vendor: QNAP Systems Inc.
Product: Helpdesk
Published: Feb 03, 2021
EPSS: —

Description

The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.

cisa

CVSS scores

CVSS v3.1 7.3 High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitation status

Exploited in the wild

Recorded 2022-03-25 00:00:00 UTC · Source

SSVC decision points

Exploitation: active
Automatable: Yes
Technical impact: partial

References

https://www.qnap.com/zh-tw/security-advisory/qsa-20-08

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Mar 25, 2022

Timeline

CVE ID Reserved

December 09, 2019
CVE Published to Public

February 03, 2021
Added to KEVIntel

March 25, 2022