
QNAP has issued a security advisory regarding an improper certificate validation vulnerability in its Helpdesk app. The vulnerability, identified as CVE-2024-50394 and assigned a CVSSv3 score of 7.7, could allow remote attackers to compromise the security of QNAP systems running vulnerable versions of the app.
The vulnerability stems from improper validation of certificates, which could allow an attacker to bypass security measures and gain unauthorized access to the system. This could lead to data breaches, malware installation, or complete system takeover.
The vulnerability affects QNAP Helpdesk version 3.3.x. Systems where Helpdesk is disabled are not affected.
QNAP has addressed the vulnerability in Helpdesk version 3.3.3 and later. Users are strongly advised to update to the latest version to mitigate the risk.
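The affected-version rule above can be applied across several devices at once. The following is an added example, not QNAP tooling or code from the advisory: it assumes each NAS's package inventory has been exported as INI-style text with a `[helpdesk]` section carrying `Version` and `Enable` keys (an assumed layout), and the host names and config text are constructed.

```python
import configparser
import re

FIXED = (3, 3, 3)         # first fixed Helpdesk release named in the advisory
AFFECTED_BRANCH = (3, 3)  # advisory lists 3.3.x as affected

def parse_version(text):
    """Return the leading dotted numeric part as a 3-tuple, or None."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def helpdesk_status(conf_text):
    """Classify one NAS from INI-style package config text (assumed layout)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    for section in cp.sections():
        if section.lower() != "helpdesk":
            continue
        pkg = cp[section]
        if pkg.get("Enable", "").strip().upper() != "TRUE":
            return "disabled"      # advisory: disabled installs are not affected
        version = parse_version(pkg.get("Version"))
        if version is None:
            return "review"        # version missing or unparseable
        if version >= FIXED:
            return "patched"
        if version[:2] == AFFECTED_BRANCH:
            return "vulnerable"
        return "review"            # older branch, not named in the advisory
    return "not-installed"

# Constructed sample inputs (host names and config text are made up).
FLEET = {
    "nas-01": "[helpdesk]\nVersion = 3.3.2\nEnable = TRUE\n",
    "nas-02": "[helpdesk]\nVersion = 3.3.3\nEnable = TRUE\n",
    "nas-03": "[helpdesk]\nVersion = 3.3.1\nEnable = FALSE\n",
    "nas-04": "[OtherApp]\nVersion = 1.0.0\nEnable = TRUE\n",
}

def needs_update(fleet):
    """Hosts running an enabled Helpdesk 3.3.x older than the fixed release."""
    return sorted(h for h, conf in fleet.items()
                  if helpdesk_status(conf) == "vulnerable")

if __name__ == "__main__":
    for host, conf in FLEET.items():
        print(host, helpdesk_status(conf))
```

Hosts reported as "review" run a version the advisory does not classify and should be checked by hand.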
To update QNAP Helpdesk, follow these steps:
- Log in to QTS or QuTS hero as an administrator.
- Open the App Center.
- Search for “Helpdesk”.
- Click “Update”.
- Confirm the update.
QNAP acknowledges Corentin ‘@OnlyTheDuck’ BAYET for reporting this vulnerability.
QNAP users are encouraged to regularly check for updates and apply them promptly to protect their systems from potential threats.