Details of VAR-202010-0963

ID

VAR-202010-0963

CVE

CVE-2020-27652

TITLE

Synology DiskStation Manager Encryption problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202010-1663

DESCRIPTION

Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information. Synology DiskStation Manager (DSM) prior to version 6.2.3-25426-2 has a security vulnerability. The vulnerability originates from QuickConnect

Trust: 1.08

sources: NVD: CVE-2020-27652 // VULHUB: VHN-371561 // VULMON: CVE-2020-27652

AFFECTED PRODUCTS

vendor:	synology	model:	diskstation manager	scope:	gte	version:	6.2	Trust: 1.0
vendor:	synology	model:	diskstation manager	scope:	lt	version:	6.2.3-25426-2	Trust: 1.0
vendor:	synology	model:	skynas	scope:	lt	version:	6.2.3-25426	Trust: 1.0

sources: NVD: CVE-2020-27652

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-27652
value:	HIGH
Trust: 1.0
security@synology.com:	CVE-2020-27652
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202010-1663
value:	HIGH
Trust: 0.6
VULHUB:	VHN-371561
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-27652
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-27652
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-371561
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-27652
baseSeverity:	HIGH
baseScore:	8.3
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	6.0
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-371561 // VULMON: CVE-2020-27652 // CNNVD: CNNVD-202010-1663 // NVD: CVE-2020-27652 // NVD: CVE-2020-27652

PROBLEMTYPE DATA

problemtype:

CWE-327

Trust: 1.1

sources: VULHUB: VHN-371561 // NVD: CVE-2020-27652

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1663

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202010-1663

PATCH

title:	Synology DiskStation Manager Fixes for encryption problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=132140	Trust: 0.6
title:	-	url:	https://github.com/looran/synocli	Trust: 0.1

sources: VULMON: CVE-2020-27652 // CNNVD: CNNVD-202010-1663

EXTERNAL IDS

db:	TALOS	id:	TALOS-2020-1061	Trust: 1.8
db:	NVD	id:	CVE-2020-27652	Trust: 1.8
db:	CNNVD	id:	CNNVD-202010-1663	Trust: 0.7
db:	CNVD	id:	CNVD-2020-60454	Trust: 0.1
db:	VULHUB	id:	VHN-371561	Trust: 0.1
db:	VULMON	id:	CVE-2020-27652	Trust: 0.1

sources: VULHUB: VHN-371561 // VULMON: CVE-2020-27652 // CNNVD: CNNVD-202010-1663 // NVD: CVE-2020-27652

REFERENCES

url:	https://www.synology.com/security/advisory/synology_sa_20_18	Trust: 1.8
url:	https://www.talosintelligence.com/vulnerability_reports/talos-2020-1061	Trust: 1.2
url:	https://talosintelligence.com/vulnerability_reports/talos-2020-1061	Trust: 1.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27652	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/327.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/looran/synocli	Trust: 0.1

sources: VULHUB: VHN-371561 // VULMON: CVE-2020-27652 // CNNVD: CNNVD-202010-1663 // NVD: CVE-2020-27652

CREDITS

Discovered by Claudio Bozzato of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-202010-1663

SOURCES

db:	VULHUB	id:	VHN-371561
db:	VULMON	id:	CVE-2020-27652
db:	CNNVD	id:	CNNVD-202010-1663
db:	NVD	id:	CVE-2020-27652

LAST UPDATE DATE

2024-11-23T22:16:17.870000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-371561	date:	2022-11-16T00:00:00
db:	VULMON	id:	CVE-2020-27652	date:	2021-05-12T00:00:00
db:	CNNVD	id:	CNNVD-202010-1663	date:	2020-11-04T00:00:00
db:	NVD	id:	CVE-2020-27652	date:	2024-11-21T05:21:35.810

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-371561	date:	2020-10-29T00:00:00
db:	VULMON	id:	CVE-2020-27652	date:	2020-10-29T00:00:00
db:	CNNVD	id:	CNNVD-202010-1663	date:	2020-10-29T00:00:00
db:	NVD	id:	CVE-2020-27652	date:	2020-10-29T09:15:13.137