CVE-2020-2499 — MEDIUM (6.3)

Q: How severe is CVE-2020-2499?

CVE-2020-2499 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-2499?

Check the references section above for vendor advisories and patch information. Affected products include: Qnap Qes.

Vulnerability Description

A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later.

CVSS Score

6.3

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Qnap	Qes	< 2.1.1

Related Weaknesses (CWE)

CWE-522 CWE-798 CWE-259

References

https://www.qnap.com/zh-tw/security-advisory/qsa-20-19Vendor Advisory
https://www.qnap.com/zh-tw/security-advisory/qsa-20-19Vendor Advisory

FAQ

What is CVE-2020-2499?

CVE-2020-2499 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already f...

How severe is CVE-2020-2499?

CVE-2020-2499 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-2499?

Check the references section above for vendor advisories and patch information. Affected products include: Qnap Qes.