Details of VAR-201707-1039

ID

VAR-201707-1039

CVE

CVE-2017-9554

TITLE

Synology DiskStation Manager Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-006950

DESCRIPTION

An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors. Synology DiskStation Manager (DSM) Contains an information disclosure vulnerability.Information may be obtained. Synology DiskStation Manager (DSM) is an operating system developed by Synology for network storage servers (NAS). The operating system can manage data, documents, photos, music and other information

Trust: 1.8

sources: NVD: CVE-2017-9554 // JVNDB: JVNDB-2017-006950 // VULHUB: VHN-117757 // VULMON: CVE-2017-9554

AFFECTED PRODUCTS

vendor:	synology	model:	diskstation manager	scope:	lte	version:	6.1.1-15101-4	Trust: 1.0
vendor:	synology	model:	diskstation manager	scope:	lt	version:	6.1.3-15152	Trust: 0.8
vendor:	synology	model:	diskstation manager	scope:	eq	version:	6.1.1-15101-4	Trust: 0.6

sources: JVNDB: JVNDB-2017-006950 // CNNVD: CNNVD-201707-1156 // NVD: CVE-2017-9554

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-9554
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-9554
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201707-1156
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-117757
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-9554
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-9554
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-117757
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-9554
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-117757 // VULMON: CVE-2017-9554 // JVNDB: JVNDB-2017-006950 // CNNVD: CNNVD-201707-1156 // NVD: CVE-2017-9554

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-117757 // JVNDB: JVNDB-2017-006950 // NVD: CVE-2017-9554

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-1156

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201707-1156

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006950

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-117757 // VULMON: CVE-2017-9554

PATCH

title:	Synology-SA-17:29 DSM	url:	https://www.synology.com/en-global/support/security/Synology_SA_17_29_DSM	Trust: 0.8
title:	Synology DiskStation Manager Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72013	Trust: 0.6
title:	CVE-2017-9554-Exploit-Tool	url:	https://github.com/Ez0-yf/CVE-2017-9554-Exploit-Tool	Trust: 0.1
title:	Synology-DiskStation-User-Enumeration-CVE-2017-9554-	url:	https://github.com/rfcl/Synology-DiskStation-User-Enumeration-CVE-2017-9554-	Trust: 0.1
title:	-	url:	https://github.com/khulnasoft-lab/awesome-security	Trust: 0.1

sources: VULMON: CVE-2017-9554 // JVNDB: JVNDB-2017-006950 // CNNVD: CNNVD-201707-1156

EXTERNAL IDS

db:	NVD	id:	CVE-2017-9554	Trust: 2.6
db:	EXPLOIT-DB	id:	43455	Trust: 1.2
db:	JVNDB	id:	JVNDB-2017-006950	Trust: 0.8
db:	CNNVD	id:	CNNVD-201707-1156	Trust: 0.7
db:	PACKETSTORM	id:	145740	Trust: 0.1
db:	VULHUB	id:	VHN-117757	Trust: 0.1
db:	VULMON	id:	CVE-2017-9554	Trust: 0.1

sources: VULHUB: VHN-117757 // VULMON: CVE-2017-9554 // JVNDB: JVNDB-2017-006950 // CNNVD: CNNVD-201707-1156 // NVD: CVE-2017-9554

REFERENCES

url:	https://www.synology.com/en-global/support/security/synology_sa_17_29_dsm	Trust: 1.8
url:	https://www.exploit-db.com/exploits/43455/	Trust: 1.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9554	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9554	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://github.com/ez0-yf/cve-2017-9554-exploit-tool	Trust: 0.1
url:	https://github.com/rfcl/synology-diskstation-user-enumeration-cve-2017-9554-	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-117757 // VULMON: CVE-2017-9554 // JVNDB: JVNDB-2017-006950 // CNNVD: CNNVD-201707-1156 // NVD: CVE-2017-9554

SOURCES

db:	VULHUB	id:	VHN-117757
db:	VULMON	id:	CVE-2017-9554
db:	JVNDB	id:	JVNDB-2017-006950
db:	CNNVD	id:	CNNVD-201707-1156
db:	NVD	id:	CVE-2017-9554

LAST UPDATE DATE

2024-11-23T22:17:54.385000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-117757	date:	2018-01-12T00:00:00
db:	VULMON	id:	CVE-2017-9554	date:	2018-01-12T00:00:00
db:	JVNDB	id:	JVNDB-2017-006950	date:	2017-09-07T00:00:00
db:	CNNVD	id:	CNNVD-201707-1156	date:	2017-07-25T00:00:00
db:	NVD	id:	CVE-2017-9554	date:	2024-11-21T03:36:23.130

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-117757	date:	2017-07-24T00:00:00
db:	VULMON	id:	CVE-2017-9554	date:	2017-07-24T00:00:00
db:	JVNDB	id:	JVNDB-2017-006950	date:	2017-09-07T00:00:00
db:	CNNVD	id:	CNNVD-201707-1156	date:	2017-07-25T00:00:00
db:	NVD	id:	CVE-2017-9554	date:	2017-07-24T20:29:00.263