ID

VAR-201806-0156


CVE

CVE-2017-12075


TITLE

Synology DiskStation Manager Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-013762

DESCRIPTION

Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary commands via the username parameter. Synology DiskStation Manager (DSM) is an operating system developed by Synology for network storage servers (NAS). The operating system can manage data, documents, photos, music and other information. EZ-Internet is one of the network configuration tools

Trust: 1.71

sources: NVD: CVE-2017-12075 // JVNDB: JVNDB-2017-013762 // VULHUB: VHN-102561

AFFECTED PRODUCTS

vendor: synology, model: diskstation manager, scope: lt, version: 6.2-23739

Trust: 1.8

vendor: synology, model: diskstation manager, scope: eq, version: 4.2

Trust: 0.6

vendor: synology, model: diskstation manager, scope: eq, version: 4.2-3243

Trust: 0.6

vendor: synology, model: diskstation manager, scope: eq, version: 4.3-3810

Trust: 0.6

vendor: synology, model: diskstation manager, scope: eq, version: 4.0-2259

Trust: 0.6

vendor: synology, model: diskstation manager, scope: eq, version: 4.0

Trust: 0.6

vendor: synology, model: diskstation manager, scope: eq, version: 3.0

Trust: 0.6

vendor: synology, model: diskstation manager, scope: eq, version: 4.3

Trust: 0.6

sources: JVNDB: JVNDB-2017-013762 // CNNVD: CNNVD-201806-649 // NVD: CVE-2017-12075

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12075
value: HIGH

Trust: 1.0

security@synology.com: CVE-2017-12075
value: HIGH

Trust: 1.0

NVD: CVE-2017-12075
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201806-649
value: HIGH

Trust: 0.6

VULHUB: VHN-102561
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12075
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-102561
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12075
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-102561 // JVNDB: JVNDB-2017-013762 // CNNVD: CNNVD-201806-649 // NVD: CVE-2017-12075 // NVD: CVE-2017-12075

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.9

sources: VULHUB: VHN-102561 // JVNDB: JVNDB-2017-013762 // NVD: CVE-2017-12075

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-649

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201806-649

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013762

PATCH

title: Synology-SA-18:24 DSM
url: https://www.synology.com/en-global/support/security/Synology_SA_18_24

Trust: 0.8

title: Synology DiskStation Manager EZ-Internet Fixes for command injection vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80843

Trust: 0.6

sources: JVNDB: JVNDB-2017-013762 // CNNVD: CNNVD-201806-649

EXTERNAL IDS

db: NVD, id: CVE-2017-12075

Trust: 2.5

db: JVNDB, id: JVNDB-2017-013762

Trust: 0.8

db: CNNVD, id: CNNVD-201806-649

Trust: 0.7

db: VULHUB, id: VHN-102561

Trust: 0.1

sources: VULHUB: VHN-102561 // JVNDB: JVNDB-2017-013762 // CNNVD: CNNVD-201806-649 // NVD: CVE-2017-12075

REFERENCES

url: https://www.synology.com/en-global/support/security/synology_sa_18_24

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12075

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-12075

Trust: 0.8

sources: VULHUB: VHN-102561 // JVNDB: JVNDB-2017-013762 // CNNVD: CNNVD-201806-649 // NVD: CVE-2017-12075

SOURCES

db: VULHUB, id: VHN-102561
db: JVNDB, id: JVNDB-2017-013762
db: CNNVD, id: CNNVD-201806-649
db: NVD, id: CVE-2017-12075

LAST UPDATE DATE

2024-11-23T23:08:43.242000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-102561, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2017-013762, date: 2018-08-08T00:00:00
db: CNNVD, id: CNNVD-201806-649, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-12075, date: 2024-11-21T03:08:46.857

SOURCES RELEASE DATE

db: VULHUB, id: VHN-102561, date: 2018-06-08T00:00:00
db: JVNDB, id: JVNDB-2017-013762, date: 2018-08-08T00:00:00
db: CNNVD, id: CNNVD-201806-649, date: 2018-06-11T00:00:00
db: NVD, id: CVE-2017-12075, date: 2018-06-08T13:29:00.360