PT-2018-18727 · Synology · Synology Ssl Vpn Client

Yu-Chi Ding

Published

2018-07-06

Updated

2021-05-12

CVE-2018-8929

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Synology SSL VPN Client versions prior to 1.2.4-0224

Description The issue is related to an improper restriction of communication channels, allowing remote attackers to conduct man-in-the-middle attacks via a crafted payload. This affects the HTTP daemon in the Synology SSL VPN Client.

Recommendations For versions prior to 1.2.4-0224, update to version 1.2.4-0224 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP daemon to minimize the risk of exploitation.

Fix

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319CWE-417

Related Identifiers

CVE-2018-8929

Affected Products

Synology Ssl Vpn Client

PT-2018-18727 · Synology · Synology Ssl Vpn Client

CVE-2018-8929

Weakness Enumeration

Related Identifiers

Affected Products

References · 3