ID

VAR-201707-1038


CVE

CVE-2017-9553


TITLE

Synology DiskStation Manager Cryptographic vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-006949

DESCRIPTION

A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter. Synology DiskStation Manager (DSM) contains a cryptographic vulnerability. Information may be obtained. Synology DiskStation Manager (DSM) is an operating system developed by Synology for network storage servers (NAS). The operating system can manage data, documents, photos, music and other information. There is a security vulnerability in SYNO.API.Encryption in versions earlier than Synology DSM 6.1.3-15152.

Trust: 1.71

sources: NVD: CVE-2017-9553 // JVNDB: JVNDB-2017-006949 // VULHUB: VHN-117756

AFFECTED PRODUCTS

vendor: synology, model: diskstation manager, scope: lte, version: 6.1.1-15101-4

Trust: 1.0

vendor: synology, model: diskstation manager, scope: lt, version: 6.1.3-15152

Trust: 0.8

vendor: synology, model: diskstation manager, scope: eq, version: 6.1.1-15101-4

Trust: 0.6

sources: JVNDB: JVNDB-2017-006949 // CNNVD: CNNVD-201707-1157 // NVD: CVE-2017-9553

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-9553
value: HIGH

Trust: 1.0

NVD: CVE-2017-9553
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201707-1157
value: HIGH

Trust: 0.6

VULHUB: VHN-117756
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-9553
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-117756
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-9553
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-117756 // JVNDB: JVNDB-2017-006949 // CNNVD: CNNVD-201707-1157 // NVD: CVE-2017-9553

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-310

Trust: 0.9

sources: VULHUB: VHN-117756 // JVNDB: JVNDB-2017-006949 // NVD: CVE-2017-9553

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-1157

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201707-1157

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006949

PATCH

title: Synology-SA-17:29 DSM, url: https://www.synology.com/en-global/support/security/Synology_SA_17_29_DSM

Trust: 0.8

title: Synology DiskStation Manager Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72014

Trust: 0.6

sources: JVNDB: JVNDB-2017-006949 // CNNVD: CNNVD-201707-1157

EXTERNAL IDS

db: NVD, id: CVE-2017-9553

Trust: 2.5

db: JVNDB, id: JVNDB-2017-006949

Trust: 0.8

db: CNNVD, id: CNNVD-201707-1157

Trust: 0.7

db: VULHUB, id: VHN-117756

Trust: 0.1

sources: VULHUB: VHN-117756 // JVNDB: JVNDB-2017-006949 // CNNVD: CNNVD-201707-1157 // NVD: CVE-2017-9553

REFERENCES

url: https://www.synology.com/en-global/support/security/synology_sa_17_29_dsm

Trust: 1.7

url: https://www.2-sec.com/2017/06/2-secs-expert-team-uncovers-new-vulnerability-popular-synology-nas-device/

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9553

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-9553

Trust: 0.8

sources: VULHUB: VHN-117756 // JVNDB: JVNDB-2017-006949 // CNNVD: CNNVD-201707-1157 // NVD: CVE-2017-9553

SOURCES

db: VULHUB, id: VHN-117756
db: JVNDB, id: JVNDB-2017-006949
db: CNNVD, id: CNNVD-201707-1157
db: NVD, id: CVE-2017-9553

LAST UPDATE DATE

2024-11-23T22:07:18.795000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-117756, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2017-006949, date: 2017-09-07T00:00:00
db: CNNVD, id: CNNVD-201707-1157, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-9553, date: 2024-11-21T03:36:23.030

SOURCES RELEASE DATE

db: VULHUB, id: VHN-117756, date: 2017-07-24T00:00:00
db: JVNDB, id: JVNDB-2017-006949, date: 2017-09-07T00:00:00
db: CNNVD, id: CNNVD-201707-1157, date: 2017-07-25T00:00:00
db: NVD, id: CVE-2017-9553, date: 2017-07-24T20:29:00.217