Vulnerability-Lookup

CVE-2013-6955 (GCVE-0-2013-6955)

Vulnerability from cvelistv5 – Published: 2014-01-09 11:00 – Updated: 2024-08-06 17:53

Summary

Severity ?

No CVSS data available.

CWE

Assigner

certcc

References

URL

GHSA-CF8X-55VW-78GP

Vulnerability from github – Published: 2022-05-17 04:54 – Updated: 2022-05-17 04:54

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-6955"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-01-09T18:07:00Z",
    "severity": "HIGH"
  },
  "details": "webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.",
  "id": "GHSA-cf8x-55vw-78gp",
  "modified": "2022-05-17T04:54:58Z",
  "published": "2022-05-17T04:54:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6955"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/615910"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2013-6955

Vulnerability from fkie_nvd - Published: 2014-01-09 18:07 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	cret@cert.org	http://www.kb.cert.org/vuls/id/615910	US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/615910	US Government Resource

Impacted products

Vendor	Product	Version
synology	diskstation_manager	4.0
synology	diskstation_manager	4.2
synology	diskstation_manager	4.3
synology	diskstation_manager	4.3-3810

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:synology:diskstation_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8E0CF7-8F1D-4C93-8144-A8C63D6561C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:synology:diskstation_manager:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8863F805-4F10-461F-A99F-F60E307140A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:synology:diskstation_manager:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D793AE32-C304-44CD-965B-3442AD3B6EC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:synology:diskstation_manager:4.3-3810:*:*:*:*:*:*:*",
              "matchCriteriaId": "2433AB50-BAB2-4C38-8033-3031903B0DC6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header."
    },
    {
      "lang": "es",
      "value": "webman/imageSelector.cgi en Synology DiskStation Manager (DSM) 4.0 anteriores a 4.0-2259, 4.2 anteriores a 4.2-3243, y 4.3 anteriores 4.3-3810 Update permite a atacantes remotos a\u00f1adir informaci\u00f3n a archivos de forma arbitraria, y consecuentemente ejecutar c\u00f3digo de forma arbitraria, a trav\u00e9s de una ruta en el header HTTP  SLICEUPLOAD X-TMP-FILE."
    }
  ],
  "id": "CVE-2013-6955",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-01-09T18:07:04.033",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/615910"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/615910"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201401-0159

Vulnerability from variot - Updated: 2023-12-18 12:08

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header. Synology Provided by DiskStation Manager Is HTTP There is a problem with request processing, and there is a vulnerability with poor access control. Attacks using this vulnerability have been observed. Also, the attack code using this vulnerability has been released.By a remote third party, root It may be additionally written to a file on the system with permission. As a result, arbitrary code may be executed. Synology DiskStation Manager is prone to a remote command-execution vulnerability. An attacker can exploit this issue to execute arbitrary commands with root privileges. Synology DiskStation Manager 4.x are vulnerable; other versions may also be affected. Synology DiskStation Manager (DSM) is an operating system developed by Synology for network storage servers (NAS). The operating system can manage data, documents, photos, music and other information. A security vulnerability exists in the webman/imageSelector.cgi file in Synology DSM 4.3-3776-3 and earlier versions.

http://www.synology.com/en-global/company/news/article/437

February 14, 2014\x97Synology\xae confirmed known security issues (reported as CVE-2013-6955 and CVE-2013-6987) which would cause compromise to file access authority in DSM. An updated DSM version resolving these issues has been released accordingly.

The followings are possible symptoms to appear on affected DiskStation and RackStation:

Exceptionally high CPU usage detected in Resource Monitor:
CPU resource occupied by processes such as dhcp.pid, minerd, synodns, PWNED, PWNEDb, PWNEDg, PWNEDm, or any processes with PWNED in their names
Appearance of non-Synology folder:
An automatically created shared folder with the name \x93startup\x94, or a non-Synology folder appearing under the path of \x93/root/PWNED\x94
Redirection of the Web Station:
\x93Index.php\x94 is redirected to an unexpected page
Appearance of non-Synology CGI program:
Files with meaningless names exist under the path of \x93/usr/syno/synoman\x94
Appearance of non-Synology script file:
Non-Synology script files, such as \x93S99p.sh\x94, appear under the path of \x93/usr/syno/etc/rc.d\x94

If users identify any of above situation, they are strongly encouraged to do the following:

For DiskStation or RackStation running on DSM 4.3, please follow the instruction here (http://www.synology.com/en-global/support/faq/348) to REINSTALL DSM 4.3-3827. 
For DiskStation or RackStation running on DSM 4.0, it\x92s recommended to REINSTALL DSM 4.0-2259 or onward from Synology Download Center. 
For DiskStation or RackStation running on DSM 4.1 or DSM 4.2, it\x92s recommended to REINSTALL DSM 4.2-3243 or onward from Synology Download Center (http://www.synology.com/en-global/support/download).

Confidentiality Impact Complete (There is total information disclosure, resulting in all system files being revealed.) Integrity Impact Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.) Availability Impact Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.) Access Complexity Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. ) Authentication Not required (Authentication is not required to exploit the vulnerability.) Gained Access None Vulnerability Type(s) Execute Code

This is also known as the /PWNED or /lolz hack

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0159",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "diskstation manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "synology",
        "version": "4.3-3810"
      },
      {
        "model": "diskstation manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "synology",
        "version": "4.3"
      },
      {
        "model": "diskstation manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "synology",
        "version": "4.0"
      },
      {
        "model": "diskstation manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "synology",
        "version": "4.2"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "synology",
        "version": null
      },
      {
        "model": "diskstation manager",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "synology",
        "version": "version 4.3-3776-3"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#615910"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001004"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6955"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-017"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:4.3-3810:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6955"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Markus Wulftange",
    "sources": [
      {
        "db": "BID",
        "id": "64516"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-017"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-6955",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "availabilityRequirement": "NOT DEFINED",
            "baseScore": 10.0,
            "collateralDamagePotential": "LOW",
            "confidentialityImpact": "COMPLETE",
            "confidentialityRequirement": "NOT DEFINED",
            "enviromentalScore": 2.0,
            "exploitability": "PROOF-OF-CONCEPT",
            "exploitabilityScore": 10.0,
            "id": "CVE-2013-6955",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "integrityRequirement": "NOT DEFINED",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "remediationLevel": "OFFICIAL FIX",
            "reportConfidence": "CONFIRMED",
            "severity": "HIGH",
            "targetDistribution": "LOW",
            "trust": 0.8,
            "userInterationRequired": null,
            "vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2013-6955",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-66957",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-6955",
            "trust": 2.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201401-017",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-66957",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#615910"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66957"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001004"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6955"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-017"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header. Synology Provided by DiskStation Manager Is HTTP There is a problem with request processing, and there is a vulnerability with poor access control. Attacks using this vulnerability have been observed. Also, the attack code using this vulnerability has been released.By a remote third party, root It may be additionally written to a file on the system with permission. As a result, arbitrary code may be executed. Synology DiskStation Manager is prone to a remote command-execution vulnerability. \nAn attacker can exploit this issue to execute arbitrary commands with root privileges. \nSynology DiskStation Manager 4.x are vulnerable; other versions may also be affected. Synology DiskStation Manager (DSM) is an operating system developed by Synology for network storage servers (NAS). The operating system can manage data, documents, photos, music and other information. A security vulnerability exists in the webman/imageSelector.cgi file in Synology DSM 4.3-3776-3 and earlier versions. \n\nhttp://www.synology.com/en-global/company/news/article/437\n\nFebruary 14, 2014\\x97Synology\\xae confirmed known security issues (reported as CVE-2013-6955 and CVE-2013-6987) which would cause compromise to file access authority in DSM. An updated DSM version resolving these issues has been released accordingly. \n\nThe followings are possible symptoms to appear on affected DiskStation and RackStation:\n\n    Exceptionally high CPU usage detected in Resource Monitor:\n    CPU resource occupied by processes such as dhcp.pid, minerd, synodns, PWNED, PWNEDb, PWNEDg, PWNEDm, or any processes with PWNED in their names\n    Appearance of non-Synology folder:\n    An automatically created shared folder with the name \\x93startup\\x94, or a non-Synology folder appearing under the path of \\x93/root/PWNED\\x94\n    Redirection of the Web Station:\n    \\x93Index.php\\x94 is redirected to an unexpected page\n    Appearance of non-Synology CGI program:\n    Files with meaningless names exist under the path of \\x93/usr/syno/synoman\\x94\n    Appearance of non-Synology script file:\n    Non-Synology script files, such as \\x93S99p.sh\\x94, appear under the path of \\x93/usr/syno/etc/rc.d\\x94\n\nIf users identify any of above situation, they are strongly encouraged to do the following:\n\n    For DiskStation or RackStation running on DSM 4.3, please follow the instruction here (http://www.synology.com/en-global/support/faq/348) to REINSTALL DSM 4.3-3827. \n    For DiskStation or RackStation running on DSM 4.0, it\\x92s recommended to REINSTALL DSM 4.0-2259 or onward from Synology Download Center. \n    For DiskStation or RackStation running on DSM 4.1 or DSM 4.2, it\\x92s recommended to REINSTALL DSM 4.2-3243 or onward from Synology Download Center (http://www.synology.com/en-global/support/download). \n\nConfidentiality Impact \tComplete (There is total information disclosure, resulting in all system files being revealed.)\nIntegrity Impact \tComplete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)\nAvailability Impact \tComplete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)\nAccess Complexity \tLow (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )\nAuthentication \tNot required (Authentication is not required to exploit the vulnerability.)\nGained Access \tNone\nVulnerability Type(s) \tExecute Code\n\nThis is also known as the /PWNED or /lolz hack",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6955"
      },
      {
        "db": "CERT/CC",
        "id": "VU#615910"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001004"
      },
      {
        "db": "BID",
        "id": "64516"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66957"
      },
      {
        "db": "PACKETSTORM",
        "id": "125864"
      }
    ],
    "trust": 2.79
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-66957",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66957"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-6955",
        "trust": 3.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#615910",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "64516",
        "trust": 1.0
      },
      {
        "db": "JVN",
        "id": "JVNVU95919136",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001004",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-017",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "125864",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-83853",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "30470",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "124568",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-66957",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#615910"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66957"
      },
      {
        "db": "BID",
        "id": "64516"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001004"
      },
      {
        "db": "PACKETSTORM",
        "id": "125864"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6955"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-017"
      }
    ]
  },
  "id": "VAR-201401-0159",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66957"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:08:54.019000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DiskStation Manager",
        "trust": 0.8,
        "url": "http://www.synology.com/ja-jp/dsm/index"
      },
      {
        "title": "\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u30bb\u30f3\u30bf\u30fc",
        "trust": 0.8,
        "url": "http://www.synology.com/ja-jp/support/download"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001004"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66957"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001004"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6955"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.kb.cert.org/vuls/id/615910"
      },
      {
        "trust": 0.8,
        "url": "http://www.synology.com/en-us/dsm/index"
      },
      {
        "trust": 0.8,
        "url": "http://www.synology.com/en-us/support/download "
      },
      {
        "trust": 0.8,
        "url": "http://www.npa.go.jp/cyberpolice/detect/pdf/20140305.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6955"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu95919136"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6955"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/64516"
      },
      {
        "trust": 0.1,
        "url": "http://www.synology.com/en-global/company/news/article/437"
      },
      {
        "trust": 0.1,
        "url": "http://www.synology.com/en-global/support/faq/348)"
      },
      {
        "trust": 0.1,
        "url": "http://www.synology.com/en-global/support/download)."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6987"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6955"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#615910"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66957"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001004"
      },
      {
        "db": "PACKETSTORM",
        "id": "125864"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6955"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-017"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#615910"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66957"
      },
      {
        "db": "BID",
        "id": "64516"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001004"
      },
      {
        "db": "PACKETSTORM",
        "id": "125864"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6955"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-017"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-07T00:00:00",
        "db": "CERT/CC",
        "id": "VU#615910"
      },
      {
        "date": "2014-01-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66957"
      },
      {
        "date": "2013-12-25T00:00:00",
        "db": "BID",
        "id": "64516"
      },
      {
        "date": "2014-01-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001004"
      },
      {
        "date": "2014-03-25T23:12:57",
        "db": "PACKETSTORM",
        "id": "125864"
      },
      {
        "date": "2014-01-09T18:07:04.033000",
        "db": "NVD",
        "id": "CVE-2013-6955"
      },
      {
        "date": "2013-12-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-017"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-07T00:00:00",
        "db": "CERT/CC",
        "id": "VU#615910"
      },
      {
        "date": "2014-01-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66957"
      },
      {
        "date": "2014-01-09T00:40:00",
        "db": "BID",
        "id": "64516"
      },
      {
        "date": "2014-03-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001004"
      },
      {
        "date": "2014-01-10T13:54:24.450000",
        "db": "NVD",
        "id": "CVE-2013-6955"
      },
      {
        "date": "2014-01-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-017"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "125864"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-017"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Synology DiskStation Manager arbitrary file modification",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#615910"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-017"
      }
    ],
    "trust": 0.6
  }
}

GSD-2013-6955

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-6955

Aliases

CVE-2013-6955

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-6955",
    "description": "webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.",
    "id": "GSD-2013-6955",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2013-6955"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-6955"
      ],
      "details": "webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.",
      "id": "GSD-2013-6955",
      "modified": "2023-12-13T01:22:19.492935Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2013-6955",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "VU#615910",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/615910"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:4.3-3810:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2013-6955"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#615910",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/615910"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2014-01-10T13:54Z",
      "publishedDate": "2014-01-09T18:07Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-6955 (GCVE-0-2013-6955)

GHSA-CF8X-55VW-78GP

FKIE_CVE-2013-6955

VAR-201401-0159

GSD-2013-6955

Tags

Sightings

Nomenclature