CVE-2018-19946

CWE-295Improper Certificate ValidationCWE-2973 documents3 sources
Severity
5.9MEDIUM
EPSS
0.1%
top 72.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems Inc. HelpdeskQnap Helpdesk
Timeline
PublishedSep 11
Latest updateMay 24

Description

The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this improper certificate validation vulnerability could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. QNAP has already fixed the issue in Helpdesk 3.0.3 and later.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 1.6 | Impact: 2.5

Affected Packages2 packages

NVDqnap/helpdesk< 3.0.3
CVEListV5qnap_systems_inc./helpdeskunspecified3.0.3

🔴Vulnerability Details

2
GHSA
GHSA-j6wf-jr95-r768: The vulnerability have been reported to affect earlier versions of Helpdesk2022-05-24
CVEList
CVE-2018-19946: The vulnerability have been reported to affect earlier versions of Helpdesk2020-09-11
CVE-2018-19946 (MEDIUM CVSS 5.9) | The vulnerability have been reporte | cvebase.io