Details of VAR-201810-0553

ID

VAR-201810-0553

CVE

CVE-2018-13281

TITLE

Synology DiskStation Manager Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-013868

DESCRIPTION

Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter. Synology DiskStation Manager (DSM) Contains an information disclosure vulnerability.Information may be obtained. Synology DiskStation Manager (DSM) is an operating system developed by Synology for network storage servers (NAS). The operating system can manage data, documents, photos, music and other information

Trust: 1.71

sources: NVD: CVE-2018-13281 // JVNDB: JVNDB-2018-013868 // VULHUB: VHN-123325

AFFECTED PRODUCTS

vendor:	synology	model:	diskstation manager	scope:	lt	version:	6.2-23739-2	Trust: 1.8
vendor:	synology	model:	diskstation manager	scope:	gte	version:	6.1	Trust: 1.0
vendor:	synology	model:	diskstation manager	scope:	gte	version:	6.2	Trust: 1.0
vendor:	synology	model:	vs960hd	scope:	eq	version:	-	Trust: 1.0
vendor:	synology	model:	diskstation manager	scope:	lt	version:	6.1.7-15284-2	Trust: 1.0
vendor:	synology	model:	diskstation manager	scope:	eq	version:	5.2	Trust: 1.0
vendor:	synology	model:	skynas	scope:	eq	version:	-	Trust: 1.0
vendor:	synology	model:	diskstation manager	scope:	eq	version:	6.0	Trust: 1.0
vendor:	synology	model:	skynas	scope:	-	version:	-	Trust: 0.8
vendor:	synology	model:	vs960hd	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2018-013868 // NVD: CVE-2018-13281

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-13281
value:	MEDIUM
Trust: 1.0
security@synology.com:	CVE-2018-13281
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-13281
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201810-1547
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-123325
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-13281
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-123325
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-13281
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.0
Trust: 2.8

sources: VULHUB: VHN-123325 // JVNDB: JVNDB-2018-013868 // CNNVD: CNNVD-201810-1547 // NVD: CVE-2018-13281 // NVD: CVE-2018-13281

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-123325 // JVNDB: JVNDB-2018-013868 // NVD: CVE-2018-13281

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-1547

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201810-1547

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013868

PATCH

title:	Synology-SA-18:36 DSM	url:	https://www.synology.com/en-global/support/security/Synology_SA_18_36	Trust: 0.8
title:	Synology DiskStation Manager Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86522	Trust: 0.6

sources: JVNDB: JVNDB-2018-013868 // CNNVD: CNNVD-201810-1547

EXTERNAL IDS

db:	NVD	id:	CVE-2018-13281	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-013868	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-1547	Trust: 0.7
db:	VULHUB	id:	VHN-123325	Trust: 0.1

sources: VULHUB: VHN-123325 // JVNDB: JVNDB-2018-013868 // CNNVD: CNNVD-201810-1547 // NVD: CVE-2018-13281

REFERENCES

url:	https://www.synology.com/en-global/support/security/synology_sa_18_36	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13281	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-13281	Trust: 0.8

sources: VULHUB: VHN-123325 // JVNDB: JVNDB-2018-013868 // CNNVD: CNNVD-201810-1547 // NVD: CVE-2018-13281

SOURCES

db:	VULHUB	id:	VHN-123325
db:	JVNDB	id:	JVNDB-2018-013868
db:	CNNVD	id:	CNNVD-201810-1547
db:	NVD	id:	CVE-2018-13281

LAST UPDATE DATE

2024-11-23T23:04:57.322000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-123325	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-013868	date:	2019-03-05T00:00:00
db:	CNNVD	id:	CNNVD-201810-1547	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-13281	date:	2024-11-21T03:46:45.030

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-123325	date:	2018-10-31T00:00:00
db:	JVNDB	id:	JVNDB-2018-013868	date:	2019-03-05T00:00:00
db:	CNNVD	id:	CNNVD-201810-1547	date:	2018-11-01T00:00:00
db:	NVD	id:	CVE-2018-13281	date:	2018-10-31T16:29:00.237