Cleartext transmission of sensitive information in DiskStation Manager (DSM)

#VU52352 Cleartext transmission of sensitive information in DiskStation Manager (DSM)

Published: 2021-04-20

Vulnerability identifier: #VU52352

Vulnerability risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26564

CWE-ID: CWE-319

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
DiskStation Manager (DSM)
Server applications / File servers (FTP/HTTP)

Vendor: Synology Inc.

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information in synorelayd. A remote attacker can perform a man-in-the-middle attack to spoof servers via an HTTP session.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

DiskStation Manager (DSM): 6.2.3 25426-2

External links
http://www.synology.com/security/advisory/Synology_SA_20_26
http://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1160

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Synology DiskStation Manager (DSM)