ID

VAR-201807-0220


CVE

CVE-2017-16773


TITLE

Synology Universal Search Authorization vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-014042

DESCRIPTION

Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode. Synology Universal Search contains an authorization vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Synology Universal Search is software from Synology for searching applications and files on a Synology NAS. Highlight Preview is one of its highlighting components. Highlight Preview in Synology Universal Search versions prior to 1.0.5-0135 has a security vulnerability.

Trust: 1.71

sources: NVD: CVE-2017-16773 // JVNDB: JVNDB-2017-014042 // VULHUB: VHN-107729

AFFECTED PRODUCTS

vendor: synology, model: universal search, scope: lt, version: 1.0.5-0135

Trust: 1.8

sources: JVNDB: JVNDB-2017-014042 // NVD: CVE-2017-16773

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-16773
value: HIGH

Trust: 1.0

security@synology.com: CVE-2017-16773
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-16773
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201711-362
value: HIGH

Trust: 0.6

VULHUB: VHN-107729
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-16773
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-107729
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-16773
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

security@synology.com: CVE-2017-16773
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-107729 // JVNDB: JVNDB-2017-014042 // CNNVD: CNNVD-201711-362 // NVD: CVE-2017-16773 // NVD: CVE-2017-16773

PROBLEMTYPE DATA

problemtype: CWE-285

Trust: 1.9

problemtype: CWE-863

Trust: 1.1

sources: VULHUB: VHN-107729 // JVNDB: JVNDB-2017-014042 // NVD: CVE-2017-16773

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-362

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201711-362

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014042

PATCH

title: Synology-SA-18:27, url: https://www.synology.com/en-global/support/security/Synology_SA_18_27

Trust: 0.8

title: Synology Universal Search Highlight Preview Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100173

Trust: 0.6

sources: JVNDB: JVNDB-2017-014042 // CNNVD: CNNVD-201711-362

EXTERNAL IDS

db: NVD, id: CVE-2017-16773

Trust: 2.5

db: JVNDB, id: JVNDB-2017-014042

Trust: 0.8

db: CNNVD, id: CNNVD-201711-362

Trust: 0.7

db: VULHUB, id: VHN-107729

Trust: 0.1

sources: VULHUB: VHN-107729 // JVNDB: JVNDB-2017-014042 // CNNVD: CNNVD-201711-362 // NVD: CVE-2017-16773

REFERENCES

url: https://www.synology.com/en-global/support/security/synology_sa_18_27

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16773

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-16773

Trust: 0.8

sources: VULHUB: VHN-107729 // JVNDB: JVNDB-2017-014042 // CNNVD: CNNVD-201711-362 // NVD: CVE-2017-16773

SOURCES

db: VULHUB, id: VHN-107729
db: JVNDB, id: JVNDB-2017-014042
db: CNNVD, id: CNNVD-201711-362
db: NVD, id: CVE-2017-16773

LAST UPDATE DATE

2024-11-23T21:52:59.928000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-107729, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2017-014042, date: 2018-10-01T00:00:00
db: CNNVD, id: CNNVD-201711-362, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-16773, date: 2024-11-21T03:16:56.680

SOURCES RELEASE DATE

db: VULHUB, id: VHN-107729, date: 2018-07-05T00:00:00
db: JVNDB, id: JVNDB-2017-014042, date: 2018-10-01T00:00:00
db: CNNVD, id: CNNVD-201711-362, date: 2017-11-13T00:00:00
db: NVD, id: CVE-2017-16773, date: 2018-07-05T13:29:00.240