CVE-2020-2500 — CRITICAL (9.8)

Q: How severe is CVE-2020-2500?

CVE-2020-2500 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2020-2500?

Check the references section above for vendor advisories and patch information. Affected products include: Qnap Helpdesk.

Vulnerability Description

This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can access the sensitive data on QNAP Kayako server with API keys. We have replaced the API key to mitigate the vulnerability, and already fixed the issue in Helpdesk 3.0.1 and later versions.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Qnap	Helpdesk	< 3.0.1

Related Weaknesses (CWE)

CWE-321 CWE-284 CWE-798

References

https://www.qnap.com/zh-tw/security-advisory/qsa-20-03Vendor Advisory
https://www.qnap.com/zh-tw/security-advisory/qsa-20-03Vendor Advisory

FAQ

What is CVE-2020-2500?

CVE-2020-2500 is a vulnerability with a CVSS score of 9.8 (CRITICAL). This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can access the sensitive data on QNAP Kayako server with API keys. We have repl...

How severe is CVE-2020-2500?

CVE-2020-2500 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-2500?

Check the references section above for vendor advisories and patch information. Affected products include: Qnap Helpdesk.