CVE-2018-13280 — Use of Insufficiently Random Values in Synology Diskstation Manager

CWE-330 — Use of Insufficiently Random Values3 documents3 sources

Severity

5.9MEDIUMNVD

CNA7.4

EPSS

0.2%

top 63.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Synology Diskstation Manager

Timeline

PublishedJul 30

Latest updateMay 13

Description

Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5synology/diskstation_managerunspecified — 6.2-23739

▶NVDsynology/diskstation_manager< 6.2-23739

🔴Vulnerability Details

GHSA

GHSA-fq7w-prpm-xwrj: Use of insufficiently random values vulnerability in SYNO↗2022-05-13

▶

CVEList

CVE-2018-13280: Use of insufficiently random values vulnerability in SYNO↗2018-07-30

▶