ID

VAR-201904-0530


CVE

CVE-2017-16775


TITLE

Synology SSO Server Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-014418

DESCRIPTION

Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Synology SSO Server contains an input validation vulnerability. Information may be obtained and information may be altered. Synology SSO Server is server software provided by Synology, Taiwan, China, which provides a single sign-on function. The SSOOauth.cgi file in versions prior to Synology SSO Server 2.1.3-0129 has a security vulnerability. Currently there is no information about this vulnerability; please keep an eye on CNNVD or vendor announcements.

Trust: 1.71

sources: NVD: CVE-2017-16775 // JVNDB: JVNDB-2017-014418 // VULHUB: VHN-107731

AFFECTED PRODUCTS

vendor: synology, model: sso server, scope: lt, version: 2.1.3-0129

Trust: 1.8

sources: JVNDB: JVNDB-2017-014418 // NVD: CVE-2017-16775

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-16775
value: MEDIUM

Trust: 1.0

security@synology.com: CVE-2017-16775
value: HIGH

Trust: 1.0

NVD: CVE-2017-16775
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201711-360
value: MEDIUM

Trust: 0.6

VULHUB: VHN-107731
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-16775
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-107731
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-16775
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

security@synology.com: CVE-2017-16775
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.7
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-107731 // JVNDB: JVNDB-2017-014418 // CNNVD: CNNVD-201711-360 // NVD: CVE-2017-16775 // NVD: CVE-2017-16775

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

problemtype: CWE-1021

Trust: 1.0

sources: VULHUB: VHN-107731 // JVNDB: JVNDB-2017-014418 // NVD: CVE-2017-16775

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-360

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201711-360

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014418

PATCH

title: Synology-SA-18:28 SSO Server
url: https://www.synology.com/security/advisory/Synology_SA_18_28

Trust: 0.8

title: Synology SSO Server Enter the fix for the verification error vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91039

Trust: 0.6

sources: JVNDB: JVNDB-2017-014418 // CNNVD: CNNVD-201711-360

EXTERNAL IDS

db: NVD, id: CVE-2017-16775

Trust: 2.5

db: JVNDB, id: JVNDB-2017-014418

Trust: 0.8

db: CNNVD, id: CNNVD-201711-360

Trust: 0.7

db: VULHUB, id: VHN-107731

Trust: 0.1

sources: VULHUB: VHN-107731 // JVNDB: JVNDB-2017-014418 // CNNVD: CNNVD-201711-360 // NVD: CVE-2017-16775

REFERENCES

url: https://www.synology.com/security/advisory/synology_sa_18_28

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2017-16775

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16775

Trust: 0.8

sources: VULHUB: VHN-107731 // JVNDB: JVNDB-2017-014418 // CNNVD: CNNVD-201711-360 // NVD: CVE-2017-16775

SOURCES

db: VULHUB, id: VHN-107731
db: JVNDB, id: JVNDB-2017-014418
db: CNNVD, id: CNNVD-201711-360
db: NVD, id: CVE-2017-16775

LAST UPDATE DATE

2024-11-23T22:30:03.516000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-107731, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2017-014418, date: 2019-05-09T00:00:00
db: CNNVD, id: CNNVD-201711-360, date: 2019-10-10T00:00:00
db: NVD, id: CVE-2017-16775, date: 2024-11-21T03:16:56.917

SOURCES RELEASE DATE

db: VULHUB, id: VHN-107731, date: 2019-04-01T00:00:00
db: JVNDB, id: JVNDB-2017-014418, date: 2019-05-09T00:00:00
db: CNNVD, id: CNNVD-201711-360, date: 2017-11-13T00:00:00
db: NVD, id: CVE-2017-16775, date: 2019-04-01T15:29:00.310