ID

VAR-201807-0541


CVE

CVE-2018-13280


TITLE

Synology DiskStation Manager Vulnerable to use of insufficient random values

Trust: 0.8

sources: JVNDB: JVNDB-2018-008287

DESCRIPTION

Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors. Synology DiskStation Manager (DSM) is an operating system developed by Synology for network-attached storage (NAS) servers. The operating system can manage data, documents, photos, music and other information. Attackers can exploit this vulnerability to carry out man-in-the-middle attacks and take control of non-HTTPS sessions.

Trust: 1.71

sources: NVD: CVE-2018-13280 // JVNDB: JVNDB-2018-008287 // VULHUB: VHN-123324

AFFECTED PRODUCTS

vendor: synology, model: diskstation manager, scope: lt, version: 6.2-23739

Trust: 1.8

vendor: synology, model: diskstation manager, scope: eq, version: 4.2

Trust: 0.6

vendor: synology, model: diskstation manager, scope: eq, version: 4.2-3243

Trust: 0.6

vendor: synology, model: diskstation manager, scope: eq, version: 4.3-3810

Trust: 0.6

vendor: synology, model: diskstation manager, scope: eq, version: 4.0-2259

Trust: 0.6

vendor: synology, model: diskstation manager, scope: eq, version: 4.0

Trust: 0.6

vendor: synology, model: diskstation manager, scope: eq, version: 3.0

Trust: 0.6

vendor: synology, model: diskstation manager, scope: eq, version: 4.3

Trust: 0.6

sources: JVNDB: JVNDB-2018-008287 // CNNVD: CNNVD-201807-1981 // NVD: CVE-2018-13280

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13280
value: MEDIUM

Trust: 1.0

security@synology.com: CVE-2018-13280
value: HIGH

Trust: 1.0

NVD: CVE-2018-13280
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201807-1981
value: MEDIUM

Trust: 0.6

VULHUB: VHN-123324
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-13280
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-123324
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-13280
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

security@synology.com: CVE-2018-13280
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 5.2
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-123324 // JVNDB: JVNDB-2018-008287 // CNNVD: CNNVD-201807-1981 // NVD: CVE-2018-13280 // NVD: CVE-2018-13280

PROBLEMTYPE DATA

problemtype:CWE-330

Trust: 1.9

sources: VULHUB: VHN-123324 // JVNDB: JVNDB-2018-008287 // NVD: CVE-2018-13280

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1981

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201807-1981

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008287

PATCH

title: Synology-SA-18:39 DSM, url: https://www.synology.com/en-global/support/security/Synology_SA_18_39

Trust: 0.8

title: Synology DiskStation Manager Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82718

Trust: 0.6

sources: JVNDB: JVNDB-2018-008287 // CNNVD: CNNVD-201807-1981

EXTERNAL IDS

db: NVD, id: CVE-2018-13280

Trust: 2.5

db: JVNDB, id: JVNDB-2018-008287

Trust: 0.8

db: CNNVD, id: CNNVD-201807-1981

Trust: 0.7

db: VULHUB, id: VHN-123324

Trust: 0.1

sources: VULHUB: VHN-123324 // JVNDB: JVNDB-2018-008287 // CNNVD: CNNVD-201807-1981 // NVD: CVE-2018-13280

REFERENCES

url:https://www.synology.com/en-global/support/security/synology_sa_18_39

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13280

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-13280

Trust: 0.8

sources: VULHUB: VHN-123324 // JVNDB: JVNDB-2018-008287 // CNNVD: CNNVD-201807-1981 // NVD: CVE-2018-13280

SOURCES

db: VULHUB, id: VHN-123324
db: JVNDB, id: JVNDB-2018-008287
db: CNNVD, id: CNNVD-201807-1981
db: NVD, id: CVE-2018-13280

LAST UPDATE DATE

2024-11-23T22:38:06.957000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-123324, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2018-008287, date: 2018-10-15T00:00:00
db: CNNVD, id: CNNVD-201807-1981, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-13280, date: 2024-11-21T03:46:44.900

SOURCES RELEASE DATE

db: VULHUB, id: VHN-123324, date: 2018-07-30T00:00:00
db: JVNDB, id: JVNDB-2018-008287, date: 2018-10-15T00:00:00
db: CNNVD, id: CNNVD-201807-1981, date: 2018-07-31T00:00:00
db: NVD, id: CVE-2018-13280, date: 2018-07-30T14:29:03.427