ID

VAR-201904-0598


CVE

CVE-2018-13283


TITLE

Synology SSL VPN Client Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-015186

DESCRIPTION

Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the (1) command, (2) hostname, or (3) port parameter. Synology SSL VPN Client contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained and information may be altered. Synology SSL VPN Client is VPN client software developed by Synology Corporation of Taiwan, China for securely connecting to Synology NAS. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products.

Trust: 1.71

sources: NVD: CVE-2018-13283 // JVNDB: JVNDB-2018-015186 // VULHUB: VHN-123327

AFFECTED PRODUCTS

vendor: synology, model: ssl vpn client, scope: lt, version: 1.2.5-0226

Trust: 1.8

sources: JVNDB: JVNDB-2018-015186 // NVD: CVE-2018-13283

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13283
value: HIGH

Trust: 1.0

security@synology.com: CVE-2018-13283
value: HIGH

Trust: 1.0

NVD: CVE-2018-13283
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-003
value: HIGH

Trust: 0.6

VULHUB: VHN-123327
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-13283
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-123327
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-13283
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 5.2
version: 3.0

Trust: 1.8

security@synology.com: CVE-2018-13283
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-123327 // JVNDB: JVNDB-2018-015186 // CNNVD: CNNVD-201904-003 // NVD: CVE-2018-13283 // NVD: CVE-2018-13283

PROBLEMTYPE DATA

problemtype: CWE-671

Trust: 1.0

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-264

Trust: 0.9

sources: VULHUB: VHN-123327 // JVNDB: JVNDB-2018-015186 // NVD: CVE-2018-13283

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-003

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201904-003

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015186

PATCH

title: Synology-SA-18:30 SSL VPN Client, url: https://www.synology.com/security/advisory/Synology_SA_18_30

Trust: 0.8

title: Synology SSL VPN Client Fixes for permissions and access control issues vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90919

Trust: 0.6

sources: JVNDB: JVNDB-2018-015186 // CNNVD: CNNVD-201904-003

EXTERNAL IDS

db: NVD, id: CVE-2018-13283

Trust: 2.5

db: JVNDB, id: JVNDB-2018-015186

Trust: 0.8

db: CNNVD, id: CNNVD-201904-003

Trust: 0.7

db: VULHUB, id: VHN-123327

Trust: 0.1

sources: VULHUB: VHN-123327 // JVNDB: JVNDB-2018-015186 // CNNVD: CNNVD-201904-003 // NVD: CVE-2018-13283

REFERENCES

url: https://www.synology.com/security/advisory/synology_sa_18_30

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2018-13283

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13283

Trust: 0.8

sources: VULHUB: VHN-123327 // JVNDB: JVNDB-2018-015186 // CNNVD: CNNVD-201904-003 // NVD: CVE-2018-13283

SOURCES

db: VULHUB, id: VHN-123327
db: JVNDB, id: JVNDB-2018-015186
db: CNNVD, id: CNNVD-201904-003
db: NVD, id: CVE-2018-13283

LAST UPDATE DATE

2024-11-23T23:04:48.282000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-123327, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2018-015186, date: 2019-05-09T00:00:00
db: CNNVD, id: CNNVD-201904-003, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-13283, date: 2024-11-21T03:46:45.287

SOURCES RELEASE DATE

db: VULHUB, id: VHN-123327, date: 2019-04-01T00:00:00
db: JVNDB, id: JVNDB-2018-015186, date: 2019-05-09T00:00:00
db: CNNVD, id: CNNVD-201904-003, date: 2019-04-01T00:00:00
db: NVD, id: CVE-2018-13283, date: 2019-04-01T15:29:00.357