ID

VAR-201905-0953


CVE

CVE-2019-11820


TITLE

Synology Calendar Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2019-004382

DESCRIPTION

Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline. Synology Calendar contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Synology Calendar is a file protection program run on Synology NAS (Network Storage Server) devices by Synology, a Taiwan-based company. A trust management issue vulnerability exists in Synology Calendar prior to 2.3.3-0620. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components.

Trust: 1.71

sources: NVD: CVE-2019-11820 // JVNDB: JVNDB-2019-004382 // VULHUB: VHN-143505

AFFECTED PRODUCTS

vendor: synology, model: calendar, scope: lt, version: 2.3.3-0620

Trust: 1.8

sources: JVNDB: JVNDB-2019-004382 // NVD: CVE-2019-11820

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11820
value: MEDIUM

Trust: 1.0

security@synology.com: CVE-2019-11820
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-11820
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-220
value: MEDIUM

Trust: 0.6

VULHUB: VHN-143505
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-11820
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-143505
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11820
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

security@synology.com: CVE-2019-11820
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.1
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-11820
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-143505 // JVNDB: JVNDB-2019-004382 // CNNVD: CNNVD-201905-220 // NVD: CVE-2019-11820 // NVD: CVE-2019-11820

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-143505 // JVNDB: JVNDB-2019-004382 // NVD: CVE-2019-11820

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201905-220

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201905-220

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004382

PATCH

title: Synology-SA-19:21 Calendar, url: https://www.synology.com/ja-jp/security/advisory/Synology_SA_19_21

Trust: 0.8

title: Synology Calendar Repair measures for trust management problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92415

Trust: 0.6

sources: JVNDB: JVNDB-2019-004382 // CNNVD: CNNVD-201905-220

EXTERNAL IDS

db: NVD, id: CVE-2019-11820

Trust: 2.5

db: JVNDB, id: JVNDB-2019-004382

Trust: 0.8

db: CNNVD, id: CNNVD-201905-220

Trust: 0.7

db: VULHUB, id: VHN-143505

Trust: 0.1

sources: VULHUB: VHN-143505 // JVNDB: JVNDB-2019-004382 // CNNVD: CNNVD-201905-220 // NVD: CVE-2019-11820

REFERENCES

url:https://www.synology.com/security/advisory/synology_sa_19_21

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-11820

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11820

Trust: 0.8

sources: VULHUB: VHN-143505 // JVNDB: JVNDB-2019-004382 // CNNVD: CNNVD-201905-220 // NVD: CVE-2019-11820

SOURCES

db: VULHUB, id: VHN-143505
db: JVNDB, id: JVNDB-2019-004382
db: CNNVD, id: CNNVD-201905-220
db: NVD, id: CVE-2019-11820

LAST UPDATE DATE

2024-11-23T22:55:32.829000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-143505, date: 2020-10-07T00:00:00
db: JVNDB, id: JVNDB-2019-004382, date: 2019-05-31T00:00:00
db: CNNVD, id: CNNVD-201905-220, date: 2020-10-09T00:00:00
db: NVD, id: CVE-2019-11820, date: 2024-11-21T04:21:49.807

SOURCES RELEASE DATE

db: VULHUB, id: VHN-143505, date: 2019-05-09T00:00:00
db: JVNDB, id: JVNDB-2019-004382, date: 2019-05-31T00:00:00
db: CNNVD, id: CNNVD-201905-220, date: 2019-05-09T00:00:00
db: NVD, id: CVE-2019-11820, date: 2019-05-09T06:29:00.207