ID

VAR-201708-0478


CVE

CVE-2017-12076


TITLE

Synology DiskStation Vulnerable to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2017-007394

DESCRIPTION

Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows a remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service. Synology DiskStation (DSM) contains a resource exhaustion vulnerability. Service operation may be interrupted (DoS). Synology DiskStation Manager (DSM) is an operating system developed by Synology for network-attached storage (NAS) servers. The operating system can manage data, documents, photos, music and other information. Synology DSM versions earlier than 6.1.1-15088 have an uncontrolled resource consumption vulnerability in SYNO.Core.PortForwarding.Rules.

Trust: 1.8

sources: NVD: CVE-2017-12076 // JVNDB: JVNDB-2017-007394 // VULHUB: VHN-102562 // VULMON: CVE-2017-12076

AFFECTED PRODUCTS

vendor: synology, model: diskstation manager, scope: eq, version: 6.1.1

Trust: 1.6

vendor: synology, model: diskstation manager, scope: lte, version: 6.1

Trust: 1.0

vendor: synology, model: diskstation manager, scope: lt, version: 6.1.1-15088

Trust: 0.8

vendor: synology, model: diskstation manager, scope: eq, version: 6.1

Trust: 0.6

sources: JVNDB: JVNDB-2017-007394 // CNNVD: CNNVD-201708-1175 // NVD: CVE-2017-12076

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12076
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12076
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201708-1175
value: MEDIUM

Trust: 0.6

VULHUB: VHN-102562
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-12076
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12076
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-102562
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12076
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-102562 // VULMON: CVE-2017-12076 // JVNDB: JVNDB-2017-007394 // CNNVD: CNNVD-201708-1175 // NVD: CVE-2017-12076

PROBLEMTYPE DATA

problemtype: CWE-400

Trust: 1.9

sources: VULHUB: VHN-102562 // JVNDB: JVNDB-2017-007394 // NVD: CVE-2017-12076

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-1175

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201708-1175

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007394

PATCH

title: Synology-SA-17:48 DSM, url: https://www.synology.com/en-global/support/security/Synology_SA_17_48_DSM

Trust: 0.8

title: Synology DiskStation Manager Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74310

Trust: 0.6

sources: JVNDB: JVNDB-2017-007394 // CNNVD: CNNVD-201708-1175

EXTERNAL IDS

db: NVD, id: CVE-2017-12076

Trust: 2.6

db: JVNDB, id: JVNDB-2017-007394

Trust: 0.8

db: CNNVD, id: CNNVD-201708-1175

Trust: 0.7

db: VULHUB, id: VHN-102562

Trust: 0.1

db: VULMON, id: CVE-2017-12076

Trust: 0.1

sources: VULHUB: VHN-102562 // VULMON: CVE-2017-12076 // JVNDB: JVNDB-2017-007394 // CNNVD: CNNVD-201708-1175 // NVD: CVE-2017-12076

REFERENCES

url: https://www.synology.com/en-global/support/security/synology_sa_17_48_dsm

Trust: 1.8

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12076

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-12076

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/400.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-102562 // VULMON: CVE-2017-12076 // JVNDB: JVNDB-2017-007394 // CNNVD: CNNVD-201708-1175 // NVD: CVE-2017-12076

SOURCES

db: VULHUB, id: VHN-102562
db: VULMON, id: CVE-2017-12076
db: JVNDB, id: JVNDB-2017-007394
db: CNNVD, id: CNNVD-201708-1175
db: NVD, id: CVE-2017-12076

LAST UPDATE DATE

2024-11-23T22:56:06.663000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-102562, date: 2017-08-31T00:00:00
db: VULMON, id: CVE-2017-12076, date: 2017-08-31T00:00:00
db: JVNDB, id: JVNDB-2017-007394, date: 2017-09-20T00:00:00
db: CNNVD, id: CNNVD-201708-1175, date: 2017-08-29T00:00:00
db: NVD, id: CVE-2017-12076, date: 2024-11-21T03:08:46.977

SOURCES RELEASE DATE

db: VULHUB, id: VHN-102562, date: 2017-08-28T00:00:00
db: VULMON, id: CVE-2017-12076, date: 2017-08-28T00:00:00
db: JVNDB, id: JVNDB-2017-007394, date: 2017-09-20T00:00:00
db: CNNVD, id: CNNVD-201708-1175, date: 2017-08-29T00:00:00
db: NVD, id: CVE-2017-12076, date: 2017-08-28T19:29:00.637