Cipher Block Chaining Vulnerability in Synology Products
CVE-2017-17689

5.9MEDIUM

Key Information:

Vendor
Microsoft
Status
Outlook
Horde Imp
Gmail
Nine
Vendor
CVE Published:
16 May 2018

Summary

The S/MIME specification vulnerability in Synology products exposes them to a Cipher Block Chaining (CBC) malleability-gadget attack. This vulnerability can be exploited to indirectly exfiltrate plaintext data, posing a significant risk to the confidentiality of sensitive information transmitted via S/MIME. Users are advised to apply necessary patches and updates to mitigate this risk.

References

https://news.ycombinator.com/item?id=17066419
x_refsource_MISC
https://pastebin.com/gNCc8aYm
x_refsource_MISC
http://www.securityfocus.com/bid/104165
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.