Improper Communication Channel Restriction in Synology SSL VPN Client
CVE-2018-8929

7.3HIGH

Key Information:

Vendor: Synology
Status: Ssl Vpn Client
Vendor: CVE Published:; 6 July 2018

What is CVE-2018-8929?

The Synology SSL VPN Client is susceptible to an improper restriction of the communication channel vulnerability, allowing remote attackers to exploit this flaw. By crafting a specific payload, an attacker can execute man-in-the-middle attacks, intercepting and potentially modifying traffic between the user and intended endpoints. This poses significant risks to the confidentiality and integrity of sensitive information transmitted through the VPN.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SSL VPN Client < 1.2.4-0224

References

https://www.synology.com/en-global/support/security/Synol...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 6, 2018
Vulnerability Reserved
Mar 22, 2018

JSON

Synology