Sign-up

ID

VAR-202103-1062


CVE

CVE-2021-27647


TITLE

Synology DiskStation Manager  Out-of-bounds read vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-004441

DESCRIPTION

Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. Synology DiskStation Manager (DSM) Is vulnerable to an out-of-bounds read.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Synology DS418play. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of the HandleSendMsg parameter sent to StartEngCommPipeServer. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information

Trust: 2.43

sources: NVD: CVE-2021-27647 // JVNDB: JVNDB-2021-004441 // ZDI: ZDI-21-339 // VULHUB: VHN-386940 // VULMON: CVE-2021-27647

AFFECTED PRODUCTS

vendor:synologymodel:diskstation managerscope:ltversion:6.2.3-25426-3

Trust: 1.0

vendor:synologymodel:diskstation managerscope:eqversion:6.2.3-25426-3

Trust: 0.8

vendor:synologymodel:diskstation managerscope:eqversion: -

Trust: 0.8

vendor:synologymodel:diskstation managerscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-21-339 // JVNDB: JVNDB-2021-004441 // NVD: CVE-2021-27647

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-27647
value: CRITICAL

Trust: 1.0

security@synology.com: CVE-2021-27647
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-27647
value: CRITICAL

Trust: 0.8

ZDI: CVE-2021-27647
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-202103-920
value: CRITICAL

Trust: 0.6

VULHUB: VHN-386940
value: HIGH

Trust: 0.1

VULMON: CVE-2021-27647
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-27647
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-386940
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-27647
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-004441
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2021-27647
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-339 // VULHUB: VHN-386940 // VULMON: CVE-2021-27647 // JVNDB: JVNDB-2021-004441 // CNNVD: CNNVD-202103-920 // NVD: CVE-2021-27647 // NVD: CVE-2021-27647

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

problemtype:Out-of-bounds read (CWE-125) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-386940 // JVNDB: JVNDB-2021-004441 // NVD: CVE-2021-27647

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-920

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202103-920

PATCH

title:Synology-SA-20url:https://www.synology.com/ja-jp/security/advisory/Synology_SA_20_26

Trust: 0.8

title:Synology has issued an update to correct this vulnerability.url:https://www.synology.com/zh-hk/security/advisory/Synology_SA_20_26

Trust: 0.7

title:Synology DiskStation Manager Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144334

Trust: 0.6

sources: ZDI: ZDI-21-339 // JVNDB: JVNDB-2021-004441 // CNNVD: CNNVD-202103-920

EXTERNAL IDS

db:NVDid:CVE-2021-27647

Trust: 3.3

db:ZDIid:ZDI-21-339

Trust: 2.5

db:JVNDBid:JVNDB-2021-004441

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-12361

Trust: 0.7

db:CNNVDid:CNNVD-202103-920

Trust: 0.7

db:VULHUBid:VHN-386940

Trust: 0.1

db:VULMONid:CVE-2021-27647

Trust: 0.1

sources: ZDI: ZDI-21-339 // VULHUB: VHN-386940 // VULMON: CVE-2021-27647 // JVNDB: JVNDB-2021-004441 // CNNVD: CNNVD-202103-920 // NVD: CVE-2021-27647

REFERENCES

url:https://www.synology.com/security/advisory/synology_sa_20_26

Trust: 1.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-339/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-27647

Trust: 1.4

url:https://www.synology.com/zh-hk/security/advisory/synology_sa_20_26

Trust: 0.7

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: ZDI: ZDI-21-339 // VULHUB: VHN-386940 // VULMON: CVE-2021-27647 // JVNDB: JVNDB-2021-004441 // CNNVD: CNNVD-202103-920 // NVD: CVE-2021-27647

CREDITS

STARLabs

Trust: 0.7

sources: ZDI: ZDI-21-339

SOURCES

db:ZDIid:ZDI-21-339
db:VULHUBid:VHN-386940
db:VULMONid:CVE-2021-27647
db:JVNDBid:JVNDB-2021-004441
db:CNNVDid:CNNVD-202103-920
db:NVDid:CVE-2021-27647

LAST UPDATE DATE

2024-11-23T21:34:50.580000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-21-339date:2021-05-24T00:00:00
db:VULHUBid:VHN-386940date:2021-03-26T00:00:00
db:VULMONid:CVE-2021-27647date:2021-03-26T00:00:00
db:JVNDBid:JVNDB-2021-004441date:2021-11-22T07:59:00
db:CNNVDid:CNNVD-202103-920date:2021-03-23T00:00:00
db:NVDid:CVE-2021-27647date:2024-11-21T05:58:22.397

SOURCES RELEASE DATE

db:ZDIid:ZDI-21-339date:2021-03-22T00:00:00
db:VULHUBid:VHN-386940date:2021-03-12T00:00:00
db:VULMONid:CVE-2021-27647date:2021-03-12T00:00:00
db:JVNDBid:JVNDB-2021-004441date:2021-11-22T00:00:00
db:CNNVDid:CNNVD-202103-920date:2021-03-12T00:00:00
db:NVDid:CVE-2021-27647date:2021-03-12T07:15:13.797