Sign-up

ID

VAR-201904-0601


CVE

CVE-2018-13286


TITLE

Synology Diskstation Manager Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-015183

DESCRIPTION

Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. Synology Diskstation Manager (DSM) Contains an information disclosure vulnerability.Information may be obtained. Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components

Trust: 1.71

sources: NVD: CVE-2018-13286 // JVNDB: JVNDB-2018-015183 // VULHUB: VHN-123330

AFFECTED PRODUCTS

vendor:synologymodel:diskstation managerscope:ltversion:6.2-23739-1

Trust: 1.8

vendor:synologymodel:diskstation managerscope:gteversion:6.1

Trust: 1.0

vendor:synologymodel:diskstation managerscope:gteversion:6.2

Trust: 1.0

vendor:synologymodel:diskstation managerscope:gteversion:5.2

Trust: 1.0

vendor:synologymodel:diskstation managerscope:ltversion:6.1.7-15284-1

Trust: 1.0

vendor:synologymodel:diskstation managerscope:ltversion:6.0.3-8754-8

Trust: 1.0

vendor:synologymodel:diskstation managerscope:gteversion:6.0

Trust: 1.0

vendor:synologymodel:diskstation managerscope:ltversion:5.2-5967-8

Trust: 1.0

sources: JVNDB: JVNDB-2018-015183 // NVD: CVE-2018-13286

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13286
value: MEDIUM

Trust: 1.0

security@synology.com: CVE-2018-13286
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-13286
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201904-007
value: MEDIUM

Trust: 0.6

VULHUB: VHN-123330
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-13286
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-123330
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-13286
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-123330 // JVNDB: JVNDB-2018-015183 // CNNVD: CNNVD-201904-007 // NVD: CVE-2018-13286 // NVD: CVE-2018-13286

PROBLEMTYPE DATA

problemtype:CWE-276

Trust: 1.1

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-123330 // JVNDB: JVNDB-2018-015183 // NVD: CVE-2018-13286

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-007

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201904-007

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015183

PATCH
title:Synology-SA-18:33 DSMurl:https://www.synology.com/security/advisory/Synology_SA_18_33
Trust: 0.8
title:Synology DiskStation Manager Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90923
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-015183 // 
            
            
            
            CNNVD: CNNVD-201904-007

EXTERNAL IDS
db:NVDid:CVE-2018-13286
Trust: 2.5
db:JVNDBid:JVNDB-2018-015183
Trust: 0.8
db:CNNVDid:CNNVD-201904-007
Trust: 0.7
db:VULHUBid:VHN-123330
Trust: 0.1
sources:
            
            
            VULHUB: VHN-123330 // 
            
            
            
            JVNDB: JVNDB-2018-015183 // 
            
            
            
            CNNVD: CNNVD-201904-007 // 
            
            
            
            NVD: CVE-2018-13286

REFERENCES
url:https://www.synology.com/security/advisory/synology_sa_18_33
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2018-13286
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13286
Trust: 0.8
sources:
            
            
            VULHUB: VHN-123330 // 
            
            
            
            JVNDB: JVNDB-2018-015183 // 
            
            
            
            CNNVD: CNNVD-201904-007 // 
            
            
            
            NVD: CVE-2018-13286

SOURCES
db:VULHUBid:VHN-123330
db:JVNDBid:JVNDB-2018-015183
db:CNNVDid:CNNVD-201904-007
db:NVDid:CVE-2018-13286

LAST UPDATE DATE
2024-11-23T23:11:53.773000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-123330date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-015183date:2019-05-09T00:00:00
db:CNNVDid:CNNVD-201904-007date:2019-10-08T00:00:00
db:NVDid:CVE-2018-13286date:2024-11-21T03:46:45.650

SOURCES RELEASE DATE
db:VULHUBid:VHN-123330date:2019-04-01T00:00:00
db:JVNDBid:JVNDB-2018-015183date:2019-05-09T00:00:00
db:CNNVDid:CNNVD-201904-007date:2019-04-01T00:00:00
db:NVDid:CVE-2018-13286date:2019-04-01T15:29:00.450