Details of VAR-201806-1565

ID

VAR-201806-1565

CVE

CVE-2018-8926

TITLE

Synology Photo Station Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-005959

DESCRIPTION

Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter. Synology Photo Station Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. A security vulnerability exists in Synology Photo Station versions prior to 6.8.5-3471 and versions prior to 6.3-2975

Trust: 1.71

sources: NVD: CVE-2018-8926 // JVNDB: JVNDB-2018-005959 // VULHUB: VHN-138958

AFFECTED PRODUCTS

vendor:	synology	model:	photo station	scope:	lt	version:	6.8.5-3471	Trust: 1.8
vendor:	synology	model:	photo station	scope:	gte	version:	6.8.0-3456	Trust: 1.0
vendor:	synology	model:	photo station	scope:	gte	version:	6.3-2958	Trust: 1.0
vendor:	synology	model:	photo station	scope:	lte	version:	6.3-2975	Trust: 1.0
vendor:	synology	model:	photo station	scope:	lt	version:	6.3-2975	Trust: 0.8
vendor:	synology	model:	photo station	scope:	eq	version:	6.3-2971	Trust: 0.6
vendor:	synology	model:	photo station	scope:	eq	version:	6.3-2960	Trust: 0.6
vendor:	synology	model:	photo station	scope:	eq	version:	6.3-2965	Trust: 0.6
vendor:	synology	model:	photo station	scope:	eq	version:	6.3-2958	Trust: 0.6
vendor:	synology	model:	photo station	scope:	eq	version:	6.3-2964	Trust: 0.6
vendor:	synology	model:	photo station	scope:	eq	version:	6.3-2963	Trust: 0.6
vendor:	synology	model:	photo station	scope:	eq	version:	6.3-2962	Trust: 0.6
vendor:	synology	model:	photo station	scope:	eq	version:	6.3-2968	Trust: 0.6
vendor:	synology	model:	photo station	scope:	eq	version:	6.3-2967	Trust: 0.6
vendor:	synology	model:	photo station	scope:	eq	version:	6.3-2970	Trust: 0.6

sources: JVNDB: JVNDB-2018-005959 // CNNVD: CNNVD-201806-643 // NVD: CVE-2018-8926

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-8926
value:	HIGH
Trust: 1.0
security@synology.com:	CVE-2018-8926
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-8926
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201806-643
value:	HIGH
Trust: 0.6
VULHUB:	VHN-138958
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-8926
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-138958
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-8926
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 2.8

sources: VULHUB: VHN-138958 // JVNDB: JVNDB-2018-005959 // CNNVD: CNNVD-201806-643 // NVD: CVE-2018-8926 // NVD: CVE-2018-8926

PROBLEMTYPE DATA

problemtype:	CWE-625	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-138958 // JVNDB: JVNDB-2018-005959 // NVD: CVE-2018-8926

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-643

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201806-643

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005959

PATCH

title:	Synology_SA_18_15	url:	https://www.synology.com/zh-tw/support/security/Synology_SA_18_15	Trust: 0.8
title:	Synology Photo Station Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80837	Trust: 0.6

sources: JVNDB: JVNDB-2018-005959 // CNNVD: CNNVD-201806-643

EXTERNAL IDS

db:	NVD	id:	CVE-2018-8926	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-005959	Trust: 0.8
db:	CNNVD	id:	CNNVD-201806-643	Trust: 0.7
db:	VULHUB	id:	VHN-138958	Trust: 0.1

sources: VULHUB: VHN-138958 // JVNDB: JVNDB-2018-005959 // CNNVD: CNNVD-201806-643 // NVD: CVE-2018-8926

REFERENCES

url:	https://www.synology.com/zh-tw/support/security/synology_sa_18_15	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8926	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-8926	Trust: 0.8

sources: VULHUB: VHN-138958 // JVNDB: JVNDB-2018-005959 // CNNVD: CNNVD-201806-643 // NVD: CVE-2018-8926

SOURCES

db:	VULHUB	id:	VHN-138958
db:	JVNDB	id:	JVNDB-2018-005959
db:	CNNVD	id:	CNNVD-201806-643
db:	NVD	id:	CVE-2018-8926

LAST UPDATE DATE

2024-11-23T21:38:46.987000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-138958	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-005959	date:	2018-08-03T00:00:00
db:	CNNVD	id:	CNNVD-201806-643	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-8926	date:	2024-11-21T04:14:37.077

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-138958	date:	2018-06-08T00:00:00
db:	JVNDB	id:	JVNDB-2018-005959	date:	2018-08-03T00:00:00
db:	CNNVD	id:	CNNVD-201806-643	date:	2018-06-11T00:00:00
db:	NVD	id:	CVE-2018-8926	date:	2018-06-08T13:29:01.470