ID

VAR-202106-1477


CVE

CVE-2021-29086


TITLE

Synology DiskStation Manager Information Disclosure Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-008493

DESCRIPTION

Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors. Synology DiskStation Manager (DSM) contains an information disclosure vulnerability. Information may be obtained. Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information.

Trust: 1.71

sources: NVD: CVE-2021-29086 // JVNDB: JVNDB-2021-008493 // VULHUB: VHN-388626

AFFECTED PRODUCTS

vendor: synology, model: diskstation manager unified controller, scope: lt, version: 3.1-23033

Trust: 1.0

vendor: synology, model: diskstation manager, scope: lt, version: 6.2.3-25426-3

Trust: 1.0

vendor: synology, model: diskstation manager, scope: gte, version: 6.2

Trust: 1.0

vendor: synology, model: diskstation manager unified controller, scope: -, version: -

Trust: 0.8

vendor: synology, model: diskstation manager, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-008493 // NVD: CVE-2021-29086

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-29086
value: HIGH

Trust: 1.0

security@synology.com: CVE-2021-29086
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-29086
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202106-1619
value: HIGH

Trust: 0.6

VULHUB: VHN-388626
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-29086
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-388626
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-29086
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

security@synology.com: CVE-2021-29086
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-29086
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-388626 // JVNDB: JVNDB-2021-008493 // CNNVD: CNNVD-202106-1619 // NVD: CVE-2021-29086 // NVD: CVE-2021-29086

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.1

problemtype: information leak (CWE-200) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-388626 // JVNDB: JVNDB-2021-008493 // NVD: CVE-2021-29086

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-1619

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202106-1619

PATCH

title: Synology-SA-20, url: https://www.synology.com/ja-jp/security/advisory/Synology_SA_20_26

Trust: 0.8

title: Synology DiskStation Manager Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155551

Trust: 0.6

sources: JVNDB: JVNDB-2021-008493 // CNNVD: CNNVD-202106-1619

EXTERNAL IDS

db: NVD, id: CVE-2021-29086

Trust: 3.3

db: JVNDB, id: JVNDB-2021-008493

Trust: 0.8

db: CNNVD, id: CNNVD-202106-1619

Trust: 0.7

db: VULHUB, id: VHN-388626

Trust: 0.1

sources: VULHUB: VHN-388626 // JVNDB: JVNDB-2021-008493 // CNNVD: CNNVD-202106-1619 // NVD: CVE-2021-29086

REFERENCES

url: https://www.synology.com/security/advisory/synology_sa_20_26

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-29086

Trust: 0.8

sources: VULHUB: VHN-388626 // JVNDB: JVNDB-2021-008493 // CNNVD: CNNVD-202106-1619 // NVD: CVE-2021-29086

SOURCES

db: VULHUB, id: VHN-388626
db: JVNDB, id: JVNDB-2021-008493
db: CNNVD, id: CNNVD-202106-1619
db: NVD, id: CVE-2021-29086

LAST UPDATE DATE

2024-08-14T15:01:27.055000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-388626, date: 2021-06-29T00:00:00
db: JVNDB, id: JVNDB-2021-008493, date: 2022-03-18T01:13:00
db: CNNVD, id: CNNVD-202106-1619, date: 2021-07-01T00:00:00
db: NVD, id: CVE-2021-29086, date: 2021-06-29T18:50:02.347

SOURCES RELEASE DATE

db: VULHUB, id: VHN-388626, date: 2021-06-23T00:00:00
db: JVNDB, id: JVNDB-2021-008493, date: 2022-03-18T00:00:00
db: CNNVD, id: CNNVD-202106-1619, date: 2021-06-23T00:00:00
db: NVD, id: CVE-2021-29086, date: 2021-06-23T10:15:08.407