Synology-SA-18:14 DSM

Publish Time: 2018-03-27 16:02:31 UTC+8

Last Updated: 2018-12-24 21:24:52 UTC+8

Severity: Important

Status: Resolved

Abstract

Multiple vulnerabilities allow remote attackers to steal credentials or inject arbitrary web script or HTML through a susceptible version of Synology DiskStation Manager (DSM).

Affected Products

Product   Severity    Fixed Release Availability
DSM 6.1   Important   Upgrade to 6.1.6-15266 or above.
DSM 6.0   Important   Upgrade to 6.1.6-15266 or above.
DSM 5.2   Important   Upgrade to 6.1.6-15266 or above.

Mitigation

None

Detail

  • CVE-2018-8917

    • Severity: Moderate
    • CVSS3 Base Score: 6.5
    • CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
    • Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter.
  • CVE-2018-8919

    • Severity: Important
    • CVSS3 Base Score: 8.3
    • CVSS3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
    • Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors.
  • CVE-2018-8920

    • Severity: Moderate
    • CVSS3 Base Score: 5.9
    • CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
    • Improper neutralization of escape characters in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content, with unspecified impact, into an archive exported in CSV format.
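For the CSV export issue described under CVE-2018-8920, the following is an added example (not Synology's code) of the defensive step an exporter needs: neutralizing cells that a spreadsheet would otherwise interpret as formulas. The field names and log rows are constructed for illustration.

```python
import csv
import io

# Leading characters that spreadsheet applications treat as the start of a
# formula when they open a CSV cell (per OWASP CSV injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return `value` as text, prefixed with a single quote if it could be
    read as a formula.

    Numeric values are passed through unchanged so negative numbers keep
    their sign. Leading spaces are skipped before the check so that a cell
    such as "  =1+1" is still caught; the prefix goes in front of the
    original text, and the quote forces a spreadsheet to treat it as text.
    Quoting the cell in the CSV output alone does not prevent evaluation.
    """
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return str(value)
    text = str(value)
    if text.lstrip(" ").startswith(FORMULA_TRIGGERS):
        return "'" + text
    return text


def export_log_csv(rows, header):
    """Serialize log rows to CSV text with every data cell neutralized."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(header)
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: a log entry whose user field begins with "=".
    sample_rows = [
        ("2018-03-27 16:02:31", "admin", "login ok"),
        ("2018-03-27 16:05:10", "=SUM(A1:A2)", "login failed"),
    ]
    print(export_log_csv(sample_rows, ("time", "user", "message")))
```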

Acknowledgement

  • Xie Wei (解炜)

  • 1N3@CrowdShield (https://crowdshield.com)

  • Taien Wang (https://www.linkedin.com/in/taienwang/)

Revision

Revision   Date         Description
1          2018-03-27   Initial public release.
2          2018-12-24   Disclosed vulnerability details.