Test ID: | 1.3.6.1.4.1.25623.1.0.170499 |
Category: | Denial of Service |
Title: | Synology Router Manager (SRM) 1.2.x Multiple Vulnerabilities (Synology-SA-20:14) |
Summary: | Synology Router Manager (SRM) is prone to multiple vulnerabilities. |
Description: |
Summary: Synology Router Manager (SRM) is prone to multiple vulnerabilities.

Vulnerability Insight: The following vulnerabilities exist:
- CVE-2020-27649: An improper certificate validation vulnerability in OpenVPN client allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
- CVE-2020-27651: SRM does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
- CVE-2020-27653: An algorithm downgrade vulnerability in QuickConnect allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
- CVE-2020-27654: An improper access control vulnerability in lbd allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.
- CVE-2020-27655: An improper access control vulnerability allows remote attackers to access restricted resources via inbound QuickConnect traffic.
- CVE-2020-27657: A cleartext transmission of sensitive information vulnerability in DDNS allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.
- CVE-2020-27658: SRM does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Affected Software/OS: SRM version 1.2.x prior to 1.2.4-8081.

Solution: Update to firmware version 1.2.4-8081 or later.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-27649
- https://www.synology.com/security/advisory/Synology_SA_20_14
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1058

Common Vulnerability Exposure (CVE) ID: CVE-2020-27651
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1059

Common Vulnerability Exposure (CVE) ID: CVE-2020-27653
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1061

Common Vulnerability Exposure (CVE) ID: CVE-2020-27654
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1064
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1065

Common Vulnerability Exposure (CVE) ID: CVE-2020-27655
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1066

Common Vulnerability Exposure (CVE) ID: CVE-2020-27657
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1071

Common Vulnerability Exposure (CVE) ID: CVE-2020-27658
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1086
Copyright | Copyright (C) 2023 Greenbone AG |