ID

VAR-202010-0959


CVE

CVE-2020-27648


TITLE

Synology DiskStation Manager Vulnerability in Certificate Verification

Trust: 0.8

sources: JVNDB: JVNDB-2020-012923

DESCRIPTION

Improper certificate validation vulnerability in the OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Synology DiskStation Manager (DSM) is an operating system for network-attached storage (NAS) servers developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information. Synology DiskStation Manager (DSM) versions prior to 6.2.3-25426-2 are affected by this vulnerability.

Trust: 1.8

sources: NVD: CVE-2020-27648 // JVNDB: JVNDB-2020-012923 // VULHUB: VHN-371557 // VULMON: CVE-2020-27648

AFFECTED PRODUCTS

vendor: synology
model: diskstation manager
scope: gte
version: 6.2

Trust: 1.0

vendor: synology
model: diskstation manager
scope: lt
version: 6.2.3-25426-2

Trust: 1.0

vendor: synology
model: skynas
scope: lt
version: 6.2.3-25426

Trust: 1.0

vendor: synology
model: diskstation manager
scope: -
version: -

Trust: 0.8

vendor: synology
model: skynas
scope: -
version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-012923 // NVD: CVE-2020-27648

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-27648
value: CRITICAL

Trust: 1.0

security@synology.com: CVE-2020-27648
value: HIGH

Trust: 1.0

NVD: CVE-2020-27648
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202010-1644
value: HIGH

Trust: 0.6

VULHUB: VHN-371557
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-27648
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-371557
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-27648
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 6.0
version: 3.1

Trust: 1.0

security@synology.com: CVE-2020-27648
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2020-27648
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-371557 // JVNDB: JVNDB-2020-012923 // CNNVD: CNNVD-202010-1644 // NVD: CVE-2020-27648

PROBLEMTYPE DATA

problemtype: CWE-295

Trust: 1.1

problemtype: Improper certificate validation (CWE-295) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-371557 // JVNDB: JVNDB-2020-012923 // NVD: CVE-2020-27648

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1644

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202010-1644

PATCH

title: Synology-SA-20:18
url: https://www.synology.com/security/advisory/Synology_SA_20_18

Trust: 0.8

title: Synology DiskStation Manager repair measures for trust management problem vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131801

Trust: 0.6

sources: JVNDB: JVNDB-2020-012923 // CNNVD: CNNVD-202010-1644

EXTERNAL IDS

db: NVD id: CVE-2020-27648

Trust: 2.6

db: TALOS id: TALOS-2020-1058

Trust: 1.8

db: JVNDB id: JVNDB-2020-012923

Trust: 0.8

db: CNNVD id: CNNVD-202010-1644

Trust: 0.7

db: CNVD id: CNVD-2020-60450

Trust: 0.1

db: VULHUB id: VHN-371557

Trust: 0.1

db: VULMON id: CVE-2020-27648

Trust: 0.1

sources: VULHUB: VHN-371557 // VULMON: CVE-2020-27648 // JVNDB: JVNDB-2020-012923 // CNNVD: CNNVD-202010-1644 // NVD: CVE-2020-27648

REFERENCES

url: https://www.synology.com/security/advisory/synology_sa_20_18

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2020-27648

Trust: 1.4

url: https://www.talosintelligence.com/vulnerability_reports/talos-2020-1058

Trust: 1.2

url: https://talosintelligence.com/vulnerability_reports/talos-2020-1058

Trust: 1.2

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-371557 // VULMON: CVE-2020-27648 // JVNDB: JVNDB-2020-012923 // CNNVD: CNNVD-202010-1644 // NVD: CVE-2020-27648

CREDITS

Discovered by Claudio Bozzato of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-202010-1644

SOURCES

db: VULHUB id: VHN-371557
db: VULMON id: CVE-2020-27648
db: JVNDB id: JVNDB-2020-012923
db: CNNVD id: CNNVD-202010-1644
db: NVD id: CVE-2020-27648

LAST UPDATE DATE

2024-11-23T22:11:17.450000+00:00


SOURCES UPDATE DATE

db: VULHUB id: VHN-371557 date: 2020-11-09T00:00:00
db: VULMON id: CVE-2020-27648 date: 2020-11-09T00:00:00
db: JVNDB id: JVNDB-2020-012923 date: 2021-06-15T06:01:00
db: CNNVD id: CNNVD-202010-1644 date: 2020-10-30T00:00:00
db: NVD id: CVE-2020-27648 date: 2024-11-21T05:21:35.197

SOURCES RELEASE DATE

db: VULHUB id: VHN-371557 date: 2020-10-29T00:00:00
db: VULMON id: CVE-2020-27648 date: 2020-10-29T00:00:00
db: JVNDB id: JVNDB-2020-012923 date: 2021-06-15T00:00:00
db: CNNVD id: CNNVD-202010-1644 date: 2020-10-29T00:00:00
db: NVD id: CVE-2020-27648 date: 2020-10-29T09:15:12.573