PT-2018-18727 · Synology · Synology Ssl Vpn Client

Yu-Chi Ding

Publicado

2018-07-06

Atualizado

2021-05-12

CVE-2018-8929

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Synology SSL VPN Client versions prior to 1.2.4-0224

Description The issue is related to an improper restriction of communication channels, allowing remote attackers to conduct man-in-the-middle attacks via a crafted payload. This affects the HTTP daemon in the Synology SSL VPN Client.

Recommendations For versions prior to 1.2.4-0224, update to version 1.2.4-0224 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP daemon to minimize the risk of exploitation.

Correção

Cleartext Transmission of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-319CWE-417

Identificadores relacionados

CVE-2018-8929

Produtos afetados

Synology Ssl Vpn Client

PT-2018-18727 · Synology · Synology Ssl Vpn Client

CVE-2018-8929

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3