ID

VAR-201904-0606


CVE

CVE-2018-13291


TITLE

Synology DiskStation Manager vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-015178

DESCRIPTION

Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world-readable configuration. Synology DiskStation Manager (DSM) contains an information disclosure vulnerability. Information may be obtained. Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information. The vulnerability is caused by errors in network system or product configuration during operation.

Trust: 1.71

sources: NVD: CVE-2018-13291 // JVNDB: JVNDB-2018-015178 // VULHUB: VHN-123336

AFFECTED PRODUCTS

vendor: synology, model: diskstation manager, scope: lt, version: 6.2.1-23824

Trust: 1.8

vendor: synology, model: diskstation manager, scope: gte, version: 5.2

Trust: 1.0

sources: JVNDB: JVNDB-2018-015178 // NVD: CVE-2018-13291

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13291
value: MEDIUM

Trust: 1.0

security@synology.com: CVE-2018-13291
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-13291
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201904-010
value: MEDIUM

Trust: 0.6

VULHUB: VHN-123336
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-13291
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-123336
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-13291
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-123336 // JVNDB: JVNDB-2018-015178 // CNNVD: CNNVD-201904-010 // NVD: CVE-2018-13291 // NVD: CVE-2018-13291

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-123336 // JVNDB: JVNDB-2018-015178 // NVD: CVE-2018-13291

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-010

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201904-010

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015178

PATCH

title: Synology-SA-18:51 DSM, url: https://www.synology.com/ja-jp/security/advisory/Synology_SA_18_51

Trust: 0.8

title: Synology DiskStation Manager Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90926

Trust: 0.6

sources: JVNDB: JVNDB-2018-015178 // CNNVD: CNNVD-201904-010

EXTERNAL IDS

db: NVD, id: CVE-2018-13291

Trust: 2.5

db: JVNDB, id: JVNDB-2018-015178

Trust: 0.8

db: CNNVD, id: CNNVD-201904-010

Trust: 0.7

db: VULHUB, id: VHN-123336

Trust: 0.1

sources: VULHUB: VHN-123336 // JVNDB: JVNDB-2018-015178 // CNNVD: CNNVD-201904-010 // NVD: CVE-2018-13291

REFERENCES

url: https://www.synology.com/security/advisory/synology_sa_18_51

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2018-13291

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13291

Trust: 0.8

sources: VULHUB: VHN-123336 // JVNDB: JVNDB-2018-015178 // CNNVD: CNNVD-201904-010 // NVD: CVE-2018-13291

SOURCES

db: VULHUB, id: VHN-123336
db: JVNDB, id: JVNDB-2018-015178
db: CNNVD, id: CNNVD-201904-010
db: NVD, id: CVE-2018-13291

LAST UPDATE DATE

2024-11-23T22:17:05.527000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-123336, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2018-015178, date: 2019-05-09T00:00:00
db: CNNVD, id: CNNVD-201904-010, date: 2019-04-04T00:00:00
db: NVD, id: CVE-2018-13291, date: 2024-11-21T03:46:46.270

SOURCES RELEASE DATE

db: VULHUB, id: VHN-123336, date: 2019-04-01T00:00:00
db: JVNDB, id: JVNDB-2018-015178, date: 2019-05-09T00:00:00
db: CNNVD, id: CNNVD-201904-010, date: 2019-04-01T00:00:00
db: NVD, id: CVE-2018-13291, date: 2019-04-01T15:29:00.623