SB2026041479 - Multiple vulnerabilities in Synology SSL VPN Client




Published: April 14, 2026

Security Bulletin ID SB2026041479
Severity Medium
Patch available YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Files or Directories Accessible to External Parties (CVE-ID: CVE-2021-47960)

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists because the local HTTP service bound to the loopback interface makes files or directories accessible to external parties when handling requests from a crafted web page. A remote attacker can trick the victim into interacting with a crafted web page to disclose sensitive information.

User interaction is required, and exposed files may include configuration files, certificates, and logs from the installation directory.
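The following is an added example, not Synology's code or its fix: a sketch of the request checks a loopback-bound HTTP service can apply so that a web page open in the user's browser cannot read files from the installation directory. The port, file names and the `check_request` function are assumptions made for illustration.

```python
import posixpath
from urllib.parse import urlsplit, unquote

PORT = 8765  # constructed port for this example
ALLOWED_HOSTS = {f"127.0.0.1:{PORT}", f"localhost:{PORT}"}
ALLOWED_ORIGINS = {f"http://{h}" for h in ALLOWED_HOSTS}
# Explicit allowlist: config files, certificates and logs are never listed.
PUBLIC_FILES = {"/status.json"}  # hypothetical endpoint


def check_request(method, target, headers):
    """Return the HTTP status a hardened loopback service would answer with."""
    h = {k.lower(): v for k, v in headers.items()}

    # The Host header must name the loopback listener itself; a page that
    # reached the service under any other hostname is refused.
    if h.get("host", "").lower() not in ALLOWED_HOSTS:
        return 403

    # Browsers label each request with Sec-Fetch-Site. "cross-site" and
    # "same-site" mean another page triggered the request.
    if h.get("sec-fetch-site", "none") not in ("same-origin", "none"):
        return 403

    # When Origin is present it must be the service's own origin
    # (this also rejects the opaque origin "null").
    origin = h.get("origin")
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return 403

    if method != "GET":
        return 405

    # Decode and normalise the path, then serve only allowlisted names,
    # so nothing else under the installation directory is reachable.
    path = posixpath.normpath(unquote(urlsplit(target).path))
    if path not in PUBLIC_FILES:
        return 404
    return 200


# Constructed sample request: a cross-site page asking for a config file.
SAMPLE = ("GET", "/conf/client.conf",
          {"Host": f"127.0.0.1:{PORT}", "Sec-Fetch-Site": "cross-site"})
```

Header checks only narrow which callers are answered; the path allowlist is what keeps installation files out of reach even for a caller that passes them.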


2) Unprotected storage of credentials (CVE-ID: CVE-2021-47961)

The vulnerability allows a remote attacker to obtain or manipulate the PIN code, potentially leading to unauthorized VPN configuration and traffic interception.

The vulnerability exists due to plaintext storage of a password in the PIN code storage when a user interacts with a crafted web page. A remote attacker can trick the victim into interacting with a crafted web page to obtain or manipulate the PIN code, potentially leading to unauthorized VPN configuration and traffic interception.

User interaction is required.


Remediation

Install the update from the vendor's website.