VAR-202010-0967
Vulnerability from variot - Updated: 2023-12-18 13:42

Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop on authentication information of DNSExit via unspecified vectors. Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information. Synology Router Manager (SRM) versions prior to 1.2.4-8081 have a security vulnerability. Note that the structured fields below list only DiskStation Manager (6.2 up to, but not including, 6.2.3-25426-2) as affected, and that the two CVSS v3.1 assessments differ: NVD scores the issue 3.7 (Low), while Synology scores it 6.5 (Medium).
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-0967",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "diskstation manager",
"scope": "gte",
"trust": 1.0,
"vendor": "synology",
"version": "6.2"
},
{
"model": "diskstation manager",
"scope": "lt",
"trust": 1.0,
"vendor": "synology",
"version": "6.2.3-25426-2"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": "6.2.3-25426-2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012781"
},
{
"db": "NVD",
"id": "CVE-2020-27656"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.2.3-25426-2",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27656"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Claudio Bozzato of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1661"
}
],
"trust": 0.6
},
"cve": "CVE-2020-27656",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-27656",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-371565",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "security@synology.com",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.2,
"impactScore": 3.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.7,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2020-27656",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-27656",
"trust": 1.8,
"value": "LOW"
},
{
"author": "security@synology.com",
"id": "CVE-2020-27656",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-1661",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-1641",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-371565",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-371565"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012781"
},
{
"db": "NVD",
"id": "CVE-2020-27656"
},
{
"db": "NVD",
"id": "CVE-2020-27656"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1661"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1641"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors. Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information. Synology Router Manager (SRM) versions prior to 1.2.4-8081 have a security vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27656"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012781"
},
{
"db": "VULHUB",
"id": "VHN-371565"
},
{
"db": "VULMON",
"id": "CVE-2020-27656"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-27656",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2020-1071",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012781",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1661",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1641",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-60458",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-371565",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-27656",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-371565"
},
{
"db": "VULMON",
"id": "CVE-2020-27656"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012781"
},
{
"db": "NVD",
"id": "CVE-2020-27656"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1661"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1641"
}
]
},
"id": "VAR-202010-0967",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-371565"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:42:49.120000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-20",
"trust": 0.8,
"url": "https://www.synology.com/security/advisory/synology_sa_20_18"
},
{
"title": "Synology DiskStation Manager Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=131816"
},
{
"title": "Synology DiskStation Manager Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=132135"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012781"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1661"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1641"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.1
},
{
"problemtype": "Sending important information in clear text (CWE-319) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-371565"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012781"
},
{
"db": "NVD",
"id": "CVE-2020-27656"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.synology.com/security/advisory/synology_sa_20_18"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27656"
},
{
"trust": 1.2,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2020-1071"
},
{
"trust": 1.2,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2020-1071"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-371565"
},
{
"db": "VULMON",
"id": "CVE-2020-27656"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012781"
},
{
"db": "NVD",
"id": "CVE-2020-27656"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1661"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1641"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-371565"
},
{
"db": "VULMON",
"id": "CVE-2020-27656"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012781"
},
{
"db": "NVD",
"id": "CVE-2020-27656"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1661"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1641"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-29T00:00:00",
"db": "VULHUB",
"id": "VHN-371565"
},
{
"date": "2020-10-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-27656"
},
{
"date": "2021-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-012781"
},
{
"date": "2020-10-29T09:15:13.497000",
"db": "NVD",
"id": "CVE-2020-27656"
},
{
"date": "2020-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1661"
},
{
"date": "2020-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1641"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-03T00:00:00",
"db": "VULHUB",
"id": "VHN-371565"
},
{
"date": "2020-11-03T00:00:00",
"db": "VULMON",
"id": "CVE-2020-27656"
},
{
"date": "2021-06-03T08:31:00",
"db": "JVNDB",
"id": "JVNDB-2020-012781"
},
{
"date": "2020-11-03T21:02:22.117000",
"db": "NVD",
"id": "CVE-2020-27656"
},
{
"date": "2020-10-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1661"
},
{
"date": "2020-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1641"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1661"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1641"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology DiskStation Manager Information disclosure vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1661"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1641"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1661"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1641"
}
],
"trust": 1.2
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.