ID

VAR-202010-0969


CVE

CVE-2020-27658


TITLE

Synology Router Manager Improper Permission Assignment Vulnerability in Critical Resources

Trust: 0.8

sources: JVNDB: JVNDB-2020-012783

DESCRIPTION

Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. Synology Router Manager (SRM) is vulnerable to improper permission assignment for critical resources; information may be obtained and information may be tampered with. Synology Router Manager (SRM) is software for configuring and managing Synology routers, developed by Synology of Taiwan. SRM versions prior to 1.2.4-8081 have a security vulnerability: the Set-Cookie header for the session cookie does not carry the HTTPOnly flag.

Trust: 1.8

sources: NVD: CVE-2020-27658 // JVNDB: JVNDB-2020-012783 // VULHUB: VHN-371567 // VULMON: CVE-2020-27658

AFFECTED PRODUCTS

vendor: synology, model: router manager, scope: gte, version: 1.2

Trust: 1.0

vendor: synology, model: router manager, scope: lt, version: 1.2.4-8081

Trust: 1.0

vendor: synology, model: router manager, scope: eq, version: -

Trust: 0.8

vendor: synology, model: router manager, scope: eq, version: 1.2.4-8081

Trust: 0.8

sources: JVNDB: JVNDB-2020-012783 // NVD: CVE-2020-27658

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-27658
value: MEDIUM

Trust: 1.0

security@synology.com: CVE-2020-27658
value: HIGH

Trust: 1.0

NVD: CVE-2020-27658
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202010-1637
value: MEDIUM

Trust: 0.6

VULHUB: VHN-371567
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-27658
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-27658
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-371567
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-27658
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

security@synology.com: CVE-2020-27658
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.7
version: 3.1

Trust: 1.0

NVD: CVE-2020-27658
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-371567 // VULMON: CVE-2020-27658 // JVNDB: JVNDB-2020-012783 // CNNVD: CNNVD-202010-1637 // NVD: CVE-2020-27658

PROBLEMTYPE DATA

problemtype: CWE-732

Trust: 1.1

problemtype: CWE-1004

Trust: 1.0

problemtype: Improper permission assignment for critical resources (CWE-732) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-371567 // JVNDB: JVNDB-2020-012783 // NVD: CVE-2020-27658

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1637

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-1637

PATCH

title: Synology-SA-20, url: https://www.synology.com/security/advisory/Synology_SA_20_14

Trust: 0.8

title: Synology Router Manager Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=132134

Trust: 0.6

sources: JVNDB: JVNDB-2020-012783 // CNNVD: CNNVD-202010-1637

EXTERNAL IDS

db: NVD, id: CVE-2020-27658

Trust: 2.6

db: TALOS, id: TALOS-2020-1086

Trust: 1.8

db: JVNDB, id: JVNDB-2020-012783

Trust: 0.8

db: CNNVD, id: CNNVD-202010-1637

Trust: 0.7

db: CNVD, id: CNVD-2020-60462

Trust: 0.1

db: VULHUB, id: VHN-371567

Trust: 0.1

db: VULMON, id: CVE-2020-27658

Trust: 0.1

sources: VULHUB: VHN-371567 // VULMON: CVE-2020-27658 // JVNDB: JVNDB-2020-012783 // CNNVD: CNNVD-202010-1637 // NVD: CVE-2020-27658

REFERENCES

url: https://www.synology.com/security/advisory/synology_sa_20_14

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2020-27658

Trust: 1.4

url: https://www.talosintelligence.com/vulnerability_reports/talos-2020-1086

Trust: 1.2

url: https://talosintelligence.com/vulnerability_reports/talos-2020-1086

Trust: 1.2

url: https://cwe.mitre.org/data/definitions/732.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-371567 // VULMON: CVE-2020-27658 // JVNDB: JVNDB-2020-012783 // CNNVD: CNNVD-202010-1637 // NVD: CVE-2020-27658

CREDITS

Discovered by Claudio Bozzato of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-202010-1637

SOURCES

db: VULHUB, id: VHN-371567
db: VULMON, id: CVE-2020-27658
db: JVNDB, id: JVNDB-2020-012783
db: CNNVD, id: CNNVD-202010-1637
db: NVD, id: CVE-2020-27658

LAST UPDATE DATE

2024-11-23T22:44:24.973000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-371567, date: 2020-11-03T00:00:00
db: VULMON, id: CVE-2020-27658, date: 2020-11-03T00:00:00
db: JVNDB, id: JVNDB-2020-012783, date: 2021-06-03T08:31:00
db: CNNVD, id: CNNVD-202010-1637, date: 2020-11-04T00:00:00
db: NVD, id: CVE-2020-27658, date: 2024-11-21T05:21:36.617

SOURCES RELEASE DATE

db: VULHUB, id: VHN-371567, date: 2020-10-29T00:00:00
db: VULMON, id: CVE-2020-27658, date: 2020-10-29T00:00:00
db: JVNDB, id: JVNDB-2020-012783, date: 2021-06-03T00:00:00
db: CNNVD, id: CNNVD-202010-1637, date: 2020-10-29T00:00:00
db: NVD, id: CVE-2020-27658, date: 2020-10-29T09:15:13.667