ID

VAR-201904-0613


CVE

CVE-2018-13298


TITLE

Synology Android Moments vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-015168

DESCRIPTION

Channel accessible by non-endpoint vulnerability in privacy page in Synology Android Moments before 1.2.3-199 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors. Synology Android Moments contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Synology Android Moments is an Android-based application developed by Synology Corporation of Taiwan, China, for viewing various documents stored in Synology Drive. The privacy page in versions prior to Synology Android Moments 1.2.3-199 is vulnerable to permissions and access control issues.

Trust: 1.71

sources: NVD: CVE-2018-13298 // JVNDB: JVNDB-2018-015168 // VULHUB: VHN-123343

AFFECTED PRODUCTS

vendor: synology // model: moments // scope: lt // version: 1.2.3-199

Trust: 1.8

sources: JVNDB: JVNDB-2018-015168 // NVD: CVE-2018-13298

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13298
value: HIGH

Trust: 1.0

security@synology.com: CVE-2018-13298
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-13298
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-018
value: HIGH

Trust: 0.6

VULHUB: VHN-123343
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-13298
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-123343
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-13298
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.8

security@synology.com: CVE-2018-13298
baseSeverity: MEDIUM
baseScore: 4.2
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 2.5
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-123343 // JVNDB: JVNDB-2018-015168 // CNNVD: CNNVD-201904-018 // NVD: CVE-2018-13298 // NVD: CVE-2018-13298

PROBLEMTYPE DATA

problemtype:CWE-300

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-123343 // JVNDB: JVNDB-2018-015168 // NVD: CVE-2018-13298

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-018

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201904-018

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015168

PATCH

title: Synology-SA-18:52 Android Moments // url: https://www.synology.com/ja-jp/security/advisory/Synology_SA_18_52

Trust: 0.8

title: Synology Android Moments Fixes for permissions and access control issues vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90934

Trust: 0.6

sources: JVNDB: JVNDB-2018-015168 // CNNVD: CNNVD-201904-018

EXTERNAL IDS

db: NVD // id: CVE-2018-13298

Trust: 2.5

db: JVNDB // id: JVNDB-2018-015168

Trust: 0.8

db: CNNVD // id: CNNVD-201904-018

Trust: 0.7

db: VULHUB // id: VHN-123343

Trust: 0.1

sources: VULHUB: VHN-123343 // JVNDB: JVNDB-2018-015168 // CNNVD: CNNVD-201904-018 // NVD: CVE-2018-13298

REFERENCES

url:https://www.synology.com/security/advisory/synology_sa_18_52

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-13298

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13298

Trust: 0.8

sources: VULHUB: VHN-123343 // JVNDB: JVNDB-2018-015168 // CNNVD: CNNVD-201904-018 // NVD: CVE-2018-13298

SOURCES

db: VULHUB // id: VHN-123343
db: JVNDB // id: JVNDB-2018-015168
db: CNNVD // id: CNNVD-201904-018
db: NVD // id: CVE-2018-13298

LAST UPDATE DATE

2024-11-23T22:37:53.300000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-123343 // date: 2019-10-09T00:00:00
db: JVNDB // id: JVNDB-2018-015168 // date: 2019-05-09T00:00:00
db: CNNVD // id: CNNVD-201904-018 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2018-13298 // date: 2024-11-21T03:46:47.380

SOURCES RELEASE DATE

db: VULHUB // id: VHN-123343 // date: 2019-04-01T00:00:00
db: JVNDB // id: JVNDB-2018-015168 // date: 2019-05-09T00:00:00
db: CNNVD // id: CNNVD-201904-018 // date: 2019-04-01T00:00:00
db: NVD // id: CVE-2018-13298 // date: 2019-04-01T15:29:00.890