CVE-2020-27648Improper Certificate Validation in Synology Diskstation Manager

CWE-295Improper Certificate Validation3 documents3 sources
Severity
9.0CRITICALNVD
CNA8.3
EPSS
0.2%
top 58.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Synology Diskstation ManagerSynology Skynas Firmware
Timeline
PublishedOct 29
Latest updateMay 24

Description

Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.2 | Impact: 6.0

Affected Packages3 packages

CVEListV5synology/diskstation_managerunspecified6.2.3-25426-2
NVDsynology/diskstation_manager6.26.2.3-25426-2
NVDsynology/skynas_firmware< 6.2.3-25426

🔴Vulnerability Details

2
GHSA
GHSA-f7vf-74cx-834m: Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 62022-05-24
CVEList
CVE-2020-27648: Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 62020-10-29
CVE-2020-27648 — Improper Certificate Validation | cvebase