HIGH🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2020-2506

CVSS 7.3v3.1pub. 2021-02-03upd. 2025-10-27

The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  • Qnap Helpdesk

    APP
    Qnap
    < 3.0.3

CISA KEV — detailsi

Vendori
QNAP Systems
Producti
Helpdesk
Added to KEVi
March 25, 2022
Remediation deadline (US Federal)i
April 15, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 15 kwietnia 2022
CWE
References

Related vulnerabilities

CVE-2020-2507CRITICAL9.8ten sam produkt

The vulnerability have been reported to affect earlier versions of QTS. If exploited, this command injection v...

CVE-2020-2500CRITICAL9.8ten sam produkt

This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service....

CVE-2018-0714CRITICAL9.8ten sam produkt

Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS ...

CVE-2024-50394HIGH7.7ten sam produkt

An improper certificate validation vulnerability has been reported to affect Helpdesk. If exploited, the vulne...

CVE-2021-28814HIGH8.8ten sam produkt

An improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerabilit...