Improper Communication Channel Restriction in Synology SSL VPN Client
CVE-2018-8929

7.3HIGH

Key Information:

Vendor: Synology
Status: Ssl Vpn Client
Vendor: CVE Published:; 6 July 2018

Summary

The Synology SSL VPN Client is susceptible to an improper restriction of the communication channel vulnerability, allowing remote attackers to exploit this flaw. By crafting a specific payload, an attacker can execute man-in-the-middle attacks, intercepting and potentially modifying traffic between the user and intended endpoints. This poses significant risks to the confidentiality and integrity of sensitive information transmitted through the VPN.

Affected Version(s)

SSL VPN Client < 1.2.4-0224

References

https://www.synology.com/en-global/support/security/Synol...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 6, 2018
Vulnerability Reserved
Mar 22, 2018