Synology-SA-26:05 Synology SSL VPN Client

Publish Time: UTC+8

Last Updated: UTC+8

Severity
Important
Status
Resolved

Abstract

Synology has released a security update for the Synology SSL VPN Client utility to address the following vulnerabilities:
  • CVE-2021-47960 allows remote attackers to access sensitive files from the SSL VPN Client installation directory via a local HTTP service when a user interacts with a crafted web page.
  • CVE-2021-47961 allows remote attackers to obtain or manipulate the PIN code in SSL VPN Client, potentially leading to unauthorized VPN configuration and traffic interception when a user interacts with a crafted web page.

Please refer to the Affected Products table for the corresponding updates.

Affected Products

Product                  Severity   Fixed Release Availability
Synology SSL VPN Client  Important  Upgrade to 1.4.5-0684 or above.

Mitigation

None

Detail

  • CVE-2021-47960

    • Severity: Important
    • CVSS3 Base Score: 6.5
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
    • CWE-552: Files or Directories Accessible to External Parties
    • A CWE-552 (files or directories accessible to external parties) vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web page, attackers may retrieve sensitive files such as configuration files, certificates, and logs, leading to information disclosure.
  • CVE-2021-47961

    • Severity: Important
    • CVSS3 Base Score: 8.1
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
    • CWE-256: Plaintext Storage of a Password
    • A CWE-256 (plaintext storage of a password) vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. When combined with user interaction, this may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic.

Acknowledgement

Laurent Sibilla (https://www.linkedin.com/in/lsibilla/)

Reference

Revision

Revision  Date        Description
1         2026-04-10  Initial public release.
2         2026-04-10  Disclosed vulnerability details.