Synology Skynas Firmware vulnerabilities
3 known vulnerabilities affecting synology/skynas_firmware.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, LOW 1
Vulnerabilities
CVE-2020-27648 | CRITICAL | CVSS 9.0 | CWE-295 | fixed in 6.2.3-25426 | 2020-10-29
Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
nvd
CVE-2020-27652 | HIGH | CVSS 8.3 | CWE-327 | fixed in 6.2.3-25426 | 2020-10-29
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
nvd
CVE-2020-27650 | LOW | CVSS 3.7 | CWE-614 | fixed in 6.2.3-25426 | 2020-10-29
Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
nvd