CVE-2020-2499
Hard-coded Password Vulnerability in QES
Severity Score
7.2
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later.
Se ha reportado de una vulnerabilidad de contraseña embebida que afecta a versiones anteriores de QES. Si es explotada, esta vulnerabilidad podría permitir a atacantes iniciar sesión con una contraseña embebida. QNAP ya ha corregido el problema en QES versión 2.1.1 Build 20200515 y posteriores
*Credits:
Lodestone Security
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-12-09 CVE Reserved
- 2020-12-24 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-259: Use of Hard-coded Password
- CWE-522: Insufficiently Protected Credentials
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.qnap.com/zh-tw/security-advisory/qsa-20-19 | 2020-12-28 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qnap Search vendor "Qnap" | Qes Search vendor "Qnap" for product "Qes" | < 2.1.1 Search vendor "Qnap" for product "Qes" and version " < 2.1.1" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qes Search vendor "Qnap" for product "Qes" | 2.1.1 Search vendor "Qnap" for product "Qes" and version "2.1.1" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qes Search vendor "Qnap" for product "Qes" | 2.1.1 Search vendor "Qnap" for product "Qes" and version "2.1.1" | build_20200211 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qes Search vendor "Qnap" for product "Qes" | 2.1.1 Search vendor "Qnap" for product "Qes" and version "2.1.1" | build_20200303 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qes Search vendor "Qnap" for product "Qes" | 2.1.1 Search vendor "Qnap" for product "Qes" and version "2.1.1" | build_20200319 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qes Search vendor "Qnap" for product "Qes" | 2.1.1 Search vendor "Qnap" for product "Qes" and version "2.1.1" | build_20200424 |
Affected
| ||||||