Daffodil International University

Faculty of Science and Information Technology => Recent Technologies and Trends in Software Engineering => Software Engineering => Cyber and Software Security => Topic started by: maruf.swe on March 30, 2019, 02:23:20 AM

Title: Multiple Bugs Found in QNAP Q’Center Web Console
Post by: maruf.swe on March 30, 2019, 02:23:20 AM
(https://media.threatpost.com/wp-content/uploads/sites/103/2018/07/11143234/AdobeStock_90394392-e1531333965190.jpeg)
QNAP said in a security advisorythat it has fixed the issues in Q’Center Virtual Appliance, and urged customers to update to the latest version.

Researchers found an array of high severity vulnerabilities in network storage vendor QNAP’s web console, which could enable an authenticated attacker to gain privileges and execute arbitrary commands on the system.

The web-based platform, Q’center, allows users to manage network attached storage across multiple sites. According to SecureAuth and CoreSecurity’s security advisory, issued Wednesday, Q’center version 1.6.1056 and Q’center version 1.6.1075 are impacted.

“Multiple vulnerabilities were found in the QCenter web console that would allow an attacker to execute arbitrary commands on the system,” researchers said. “QNAP’s QCenter web console includes a functionality that would allow an authenticated attacker to elevate privileges on the system.”

QNAP said in a security advisory that it has fixed the issues in Q’center Virtual Appliance version 1.7.1083 and later, and urged customers to update to the latest version.

For More Details : https://threatpost.com/multiple-bugs-found-in-qnap-qcenter-web-console/133884/ (https://threatpost.com/multiple-bugs-found-in-qnap-qcenter-web-console/133884/)
Title: Re: Multiple Bugs Found in QNAP Q’Center Web Console
Post by: lamisha on July 10, 2019, 09:43:49 AM
thanks for sharing