Details of VAR-202102-1279

ID

VAR-202102-1279

CVE

CVE-2021-26563

TITLE

Synology DiskStation Manager Authentication Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2021-004177

DESCRIPTION

Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. Synology DiskStation Manager (DSM) Contains an improper authentication vulnerability.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information

Trust: 2.25

sources: NVD: CVE-2021-26563 // JVNDB: JVNDB-2021-004177 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-385704

AFFECTED PRODUCTS

vendor:	synology	model:	diskstation manager unified controller	scope:	eq	version:	3.0	Trust: 1.0
vendor:	synology	model:	diskstation manager	scope:	lt	version:	6.2.4-25553	Trust: 1.0
vendor:	synology	model:	vs960hd	scope:	eq	version:	-	Trust: 1.0
vendor:	synology	model:	skynas	scope:	eq	version:	-	Trust: 1.0
vendor:	synology	model:	diskstation manager	scope:	-	version:	-	Trust: 0.8
vendor:	synology	model:	diskstation manager unified controller	scope:	-	version:	-	Trust: 0.8
vendor:	synology	model:	skynas	scope:	-	version:	-	Trust: 0.8
vendor:	synology	model:	vs960hd	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-004177 // NVD: CVE-2021-26563

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-26563
value:	MEDIUM
Trust: 1.0
security@synology.com:	CVE-2021-26563
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-26563
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202102-1707
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-385704
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-26563
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	CVE-2021-26563
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-385704
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-26563
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
security@synology.com:	CVE-2021-26563
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.5
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2021-26563
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-385704 // JVNDB: JVNDB-2021-004177 // CNNVD: CNNVD-202102-1707 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-26563 // NVD: CVE-2021-26563

PROBLEMTYPE DATA

problemtype:	CWE-863	Trust: 1.1
problemtype:	Bad authentication (CWE-863) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-385704 // JVNDB: JVNDB-2021-004177 // NVD: CVE-2021-26563

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-1707

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202102-1707

PATCH

title:	Synology-SA-21	url:	https://www.synology.com/ja-jp/security/advisory/Synology_SA_21_03	Trust: 0.8
title:	Synology DiskStation Manager Fixes for access control error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=143559	Trust: 0.6

sources: JVNDB: JVNDB-2021-004177 // CNNVD: CNNVD-202102-1707

EXTERNAL IDS

db:	NVD	id:	CVE-2021-26563	Trust: 2.5
db:	TALOS	id:	TALOS-2020-1158	Trust: 1.7
db:	JVNDB	id:	JVNDB-2021-004177	Trust: 0.8
db:	CS-HELP	id:	SB2021042002	Trust: 0.6
db:	CNNVD	id:	CNNVD-202102-1707	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	VULHUB	id:	VHN-385704	Trust: 0.1

sources: VULHUB: VHN-385704 // JVNDB: JVNDB-2021-004177 // CNNVD: CNNVD-202102-1707 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-26563

REFERENCES

url:	https://www.synology.com/security/advisory/synology_sa_21_03	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-26563	Trust: 1.4
url:	https://www.talosintelligence.com/vulnerability_reports/talos-2020-1158	Trust: 1.1
url:	https://talosintelligence.com/vulnerability_reports/talos-2020-1158	Trust: 0.6
url:	https://www.synology.com/security/advisory/synology_sa_20_26	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042002	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6

sources: VULHUB: VHN-385704 // JVNDB: JVNDB-2021-004177 // CNNVD: CNNVD-202102-1707 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-26563

SOURCES

db:	VULHUB	id:	VHN-385704
db:	JVNDB	id:	JVNDB-2021-004177
db:	CNNVD	id:	CNNVD-202102-1707
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2021-26563

LAST UPDATE DATE

2024-11-23T20:45:48.790000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-385704	date:	2022-04-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-004177	date:	2021-11-16T06:39:00
db:	CNNVD	id:	CNNVD-202102-1707	date:	2022-04-27T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-26563	date:	2024-11-21T05:56:29.403

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-385704	date:	2021-02-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-004177	date:	2021-11-16T00:00:00
db:	CNNVD	id:	CNNVD-202102-1707	date:	2021-02-26T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2021-26563	date:	2021-02-26T22:15:20.143