ID

VAR-202106-1129


CVE

CVE-2021-27649


TITLE

Synology DiskStation Manager Vulnerabilities in the use of freed memory

Trust: 0.8

sources: JVNDB: JVNDB-2021-008490

DESCRIPTION

Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. Synology DiskStation Manager (DSM) is vulnerable to the use of freed memory. Information may be obtained or tampered with, and service may be disrupted (DoS). Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information.

Trust: 1.71

sources: NVD: CVE-2021-27649 // JVNDB: JVNDB-2021-008490 // VULHUB: VHN-386942

AFFECTED PRODUCTS

vendor: synology // model: diskstation manager unified controller // scope: lt // version: 3.1-23033

Trust: 1.0

vendor: synology // model: diskstation manager // scope: lt // version: 6.2.3-25426-3

Trust: 1.0

vendor: synology // model: diskstation manager // scope: gte // version: 6.2

Trust: 1.0

vendor: synology // model: diskstation manager unified controller // scope: - // version: -

Trust: 0.8

vendor: synology // model: diskstation manager // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-008490 // NVD: CVE-2021-27649

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-27649
value: CRITICAL

Trust: 1.0

security@synology.com: CVE-2021-27649
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-27649
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202106-1617
value: CRITICAL

Trust: 0.6

VULHUB: VHN-386942
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-27649
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-386942
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-27649
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-008490
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-386942 // JVNDB: JVNDB-2021-008490 // CNNVD: CNNVD-202106-1617 // NVD: CVE-2021-27649 // NVD: CVE-2021-27649

PROBLEMTYPE DATA

problemtype: CWE-416

Trust: 1.1

problemtype: Use of freed memory (CWE-416) [Other]

Trust: 0.8

sources: VULHUB: VHN-386942 // JVNDB: JVNDB-2021-008490 // NVD: CVE-2021-27649

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-1617

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202106-1617

PATCH

title: Synology-SA-20 // url: https://www.synology.com/ja-jp/security/advisory/Synology_SA_20_26

Trust: 0.8

title: Synology DiskStation Manager Remediation of resource management error vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155549

Trust: 0.6

sources: JVNDB: JVNDB-2021-008490 // CNNVD: CNNVD-202106-1617

EXTERNAL IDS

db: NVD // id: CVE-2021-27649

Trust: 3.3

db: JVNDB // id: JVNDB-2021-008490

Trust: 0.8

db: CNNVD // id: CNNVD-202106-1617

Trust: 0.7

db: VULHUB // id: VHN-386942

Trust: 0.1

sources: VULHUB: VHN-386942 // JVNDB: JVNDB-2021-008490 // CNNVD: CNNVD-202106-1617 // NVD: CVE-2021-27649

REFERENCES

url: https://www.synology.com/security/advisory/synology_sa_20_26

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-27649

Trust: 0.8

sources: VULHUB: VHN-386942 // JVNDB: JVNDB-2021-008490 // CNNVD: CNNVD-202106-1617 // NVD: CVE-2021-27649

SOURCES

db: VULHUB // id: VHN-386942
db: JVNDB // id: JVNDB-2021-008490
db: CNNVD // id: CNNVD-202106-1617
db: NVD // id: CVE-2021-27649

LAST UPDATE DATE

2024-08-14T14:25:18.634000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-386942 // date: 2021-06-29T00:00:00
db: JVNDB // id: JVNDB-2021-008490 // date: 2022-03-18T01:13:00
db: CNNVD // id: CNNVD-202106-1617 // date: 2021-06-30T00:00:00
db: NVD // id: CVE-2021-27649 // date: 2021-06-29T19:51:08.390

SOURCES RELEASE DATE

db: VULHUB // id: VHN-386942 // date: 2021-06-23T00:00:00
db: JVNDB // id: JVNDB-2021-008490 // date: 2022-03-18T00:00:00
db: CNNVD // id: CNNVD-202106-1617 // date: 2021-06-23T00:00:00
db: NVD // id: CVE-2021-27649 // date: 2021-06-23T10:15:08.183