Synology-SA-18:37 Photo Station

Publish Time: 2018-07-23 10:32:14 UTC+8

Last Updated: 2018-10-31 22:46:47 UTC+8

Severity: Moderate
Status: Resolved

Abstract

A vulnerability allows remote attackers to hijack web sessions via a susceptible version of Synology Photo Station.

Affected Products

Product            Severity  Fixed Release Availability
Photo Station 6.8  Moderate  Upgrade to 6.8.7-3481 or above.
Photo Station 6.3  Moderate  Upgrade to 6.3-2976 or above.

Mitigation

None

Detail

  • CVE-2018-13282
    • Severity: Moderate
    • CVSS3 Base Score: 5.6
    • CVSS3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
    • Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
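
A minimal model of the session-fixation class named in CVE-2018-13282, added here as an illustration of why the session identifier must change at authentication. It is not Synology or Photo Station code, and the advisory does not describe the internals of SYNO.PhotoStation.Auth; the SessionStore class, its strict and regenerate_on_login flags, and the sample identifiers are assumptions constructed for the example.

```python
import secrets


class SessionStore:
    """Hypothetical server-side session table keyed by the PHPSESSID value."""

    def __init__(self, strict, regenerate_on_login):
        self.strict = strict                      # refuse ids the server never issued
        self.regenerate_on_login = regenerate_on_login
        self.sessions = {}                        # session id -> {"user": name or None}

    def start(self, presented_id=None):
        """Return the session id the server uses for this request."""
        if presented_id in self.sessions:
            return presented_id
        if presented_id and not self.strict:
            # Permissive mode: adopt whatever identifier the client sent.
            self.sessions[presented_id] = {"user": None}
            return presented_id
        new_id = secrets.token_hex(16)
        self.sessions[new_id] = {"user": None}
        return new_id

    def login(self, presented_id, user):
        """Authenticate `user` and return the session id valid afterwards."""
        sid = self.start(presented_id)
        if self.regenerate_on_login:
            # Invalidate the pre-login identifier and issue a fresh one.
            del self.sessions[sid]
            sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": user}
        return sid

    def whoami(self, presented_id):
        return self.sessions.get(presented_id, {}).get("user")


def fixation_outcome(strict, regenerate_on_login, server_issued=False):
    """Return (user the pre-login id resolves to after login, id unchanged?)."""
    store = SessionStore(strict, regenerate_on_login)
    # Pre-login id known to a third party: a constructed string, or a server-issued one.
    planted = store.start() if server_issued else "constructed-known-id"
    victim_sid = store.login(planted, "alice")
    return store.whoami(planted), victim_sid == planted
```

In PHP terms the two flags correspond to `session.use_strict_mode` and to calling `session_regenerate_id(true)` when authentication succeeds; the model shows that only the second removes the exposure when the pre-login identifier was issued by the server itself.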

Revision

Revision  Date        Description
1         2018-07-23  Initial public release.
2         2018-10-31  Disclosed vulnerability details.