ID

VAR-201812-0643


CVE

CVE-2018-8919


TITLE

Synology DiskStation Manager vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-013015

DESCRIPTION

Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors. Synology DiskStation Manager (DSM) contains an information disclosure vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Synology DiskStation Manager (DSM) is an operating system developed by Synology for network-attached storage (NAS) servers. The operating system can manage data, documents, photos, music and other information. An information disclosure vulnerability exists in SYNO.Core.Desktop.SessionData in Synology DSM versions earlier than 6.1.6-15266.

Trust: 1.71

sources: NVD: CVE-2018-8919 // JVNDB: JVNDB-2018-013015 // VULHUB: VHN-138951

AFFECTED PRODUCTS

vendor: synology, model: diskstation manager, scope: lt, version: 6.1.6-15266

Trust: 1.8

vendor: synology, model: diskstation manager, scope: eq, version: 4.2

Trust: 0.6

vendor: synology, model: diskstation manager, scope: eq, version: 4.2-3243

Trust: 0.6

vendor: synology, model: diskstation manager, scope: eq, version: 4.3-3810

Trust: 0.6

vendor: synology, model: diskstation manager, scope: eq, version: 4.0-2259

Trust: 0.6

vendor: synology, model: diskstation manager, scope: eq, version: 4.0

Trust: 0.6

vendor: synology, model: diskstation manager, scope: eq, version: 3.0

Trust: 0.6

vendor: synology, model: diskstation manager, scope: eq, version: 4.3

Trust: 0.6

sources: JVNDB: JVNDB-2018-013015 // CNNVD: CNNVD-201812-1087 // NVD: CVE-2018-8919

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-8919
value: CRITICAL

Trust: 1.0

security@synology.com: CVE-2018-8919
value: HIGH

Trust: 1.0

NVD: CVE-2018-8919
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201812-1087
value: CRITICAL

Trust: 0.6

VULHUB: VHN-138951
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-8919
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-138951
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-8919
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

security@synology.com: CVE-2018-8919
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 6.0
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-138951 // JVNDB: JVNDB-2018-013015 // CNNVD: CNNVD-201812-1087 // NVD: CVE-2018-8919 // NVD: CVE-2018-8919

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-138951 // JVNDB: JVNDB-2018-013015 // NVD: CVE-2018-8919

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1087

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201812-1087

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013015

PATCH

title: Synology-SA-18:14 DSM, url: https://www.synology.com/security/advisory/Synology_SA_18_14

Trust: 0.8

title: Synology DiskStation Manager Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88161

Trust: 0.6

sources: JVNDB: JVNDB-2018-013015 // CNNVD: CNNVD-201812-1087

EXTERNAL IDS

db: NVD, id: CVE-2018-8919

Trust: 2.5

db: JVNDB, id: JVNDB-2018-013015

Trust: 0.8

db: CNNVD, id: CNNVD-201812-1087

Trust: 0.7

db: VULHUB, id: VHN-138951

Trust: 0.1

sources: VULHUB: VHN-138951 // JVNDB: JVNDB-2018-013015 // CNNVD: CNNVD-201812-1087 // NVD: CVE-2018-8919

REFERENCES

url:https://www.synology.com/security/advisory/synology_sa_18_14

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8919

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-8919

Trust: 0.8

sources: VULHUB: VHN-138951 // JVNDB: JVNDB-2018-013015 // CNNVD: CNNVD-201812-1087 // NVD: CVE-2018-8919

SOURCES

db: VULHUB, id: VHN-138951
db: JVNDB, id: JVNDB-2018-013015
db: CNNVD, id: CNNVD-201812-1087
db: NVD, id: CVE-2018-8919

LAST UPDATE DATE

2024-11-23T23:01:58.245000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-138951, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2018-013015, date: 2019-02-13T00:00:00
db: CNNVD, id: CNNVD-201812-1087, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-8919, date: 2024-11-21T04:14:36.213

SOURCES RELEASE DATE

db: VULHUB, id: VHN-138951, date: 2018-12-24T00:00:00
db: JVNDB, id: JVNDB-2018-013015, date: 2019-02-13T00:00:00
db: CNNVD, id: CNNVD-201812-1087, date: 2018-12-25T00:00:00
db: NVD, id: CVE-2018-8919, date: 2018-12-24T15:29:00.377