nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SYNOLOGY_DSM_4_3_3810_3.NASL
HistoryFeb 05, 2014 - 12:00 a.m.

Synology DiskStation Manager < 4.3-3810 Update 3 Multiple FileBrowser Component Directory Traversal Vulnerabilities

2014-02-05 00:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.8%

According to its version number, the Synology DiskStation Manager installed on the remote host is a 4.3-x release equal to or earlier than 4.3-3810. It is, therefore, affected by multiple directory traversal vulnerabilities in the FileBrowser component. The issue exists due to improper validation of values submitted to the various file parameters in the following scripts in the ‘/webapi/FileStation’ directory:

  • html5_upload.cgi
  • file_delete.cgi
  • file_download.cgi
  • file_sharing.cgi
  • file_share.cgi
  • file_MVCP.cgi
  • file_rename.cgi

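Any authenticated user can exploit the affected scripts to read, write, and delete arbitrary files. (The CVSS2 vector shown for this entry records Authentication as NONE, which does not match this statement; take the authentication requirement into account when prioritising.)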

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Plugin registration block. When `description` is set the script only
# declares its metadata and leaves through exit(0) at the end of the block;
# none of the HTTP or KB code further down runs in that mode.
if (description)
{
  script_id(72346);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  # Identifiers this plugin is mapped to.
  script_cve_id("CVE-2013-6987");
  script_bugtraq_id(64483);

  script_name(english:"Synology DiskStation Manager < 4.3-3810 Update 3 Multiple FileBrowser Component Directory Traversal Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote Synology DiskStation Manager is affected by multiple
directory traversal vulnerabilities.");
  # The description states that the finding is derived from the reported
  # version number only; the listed CGI scripts are not requested.
  script_set_attribute(attribute:"description", value:
"According to its version number, the Synology DiskStation Manager
installed on the remote host is 4.3-x equal or prior to 4.3-3810.  It
is, therefore, affected by multiple directory traversal vulnerabilities
in the FileBrowser component.  The issue exists due to improper
validation of values submitted to the various file parameters in the
following scripts in the '/webapi/FileStation' directory :

  - html5_upload.cgi
  - file_delete.cgi
  - file_download.cgi
  - file_sharing.cgi
  - file_share.cgi
  - file_MVCP.cgi
  - file_rename.cgi

Any authenticated user can exploit these affected files to read, write,
and delete arbitrary files. 

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"solution", value:
"Upgrade to 4.3-3810 Update 3 or later, or contact the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2013-6987");
  # NOTE(review): the short link in the next see_also presumably resolves to
  # the vendor URL kept in the comment below - confirm.
#https://www.synology.com/en-us/company/news/article/Synology_Fixes_Vulnerability_in_DiskStation_Manager/Synology%C2%AE%20repariert%20Schwachstelle%20in%20Diskstation%20Manager
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?75a666d4");
  # NOTE(review): the base vector carries Au:N, while the description text
  # above says "Any authenticated user". The score source is declared as the
  # CVE entry, so the vector is kept as published; weigh the authentication
  # requirement during triage.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-6987");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/12/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/05");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:synology:diskstation_manager");
  script_end_attributes();

  # Declared as an information-gathering check, in line with the
  # version-only detection described above.
  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # The check requires the "www/synology_dsm" KB key; presumably the detection
  # plugin named here is what sets it - confirm against that plugin.
  script_dependencies("synology_diskstation_manager_detect.nbin");
  script_require_keys("www/synology_dsm");
  script_require_ports("Services/www", 5000, 5001);

  exit(0);
}

include('http.inc');
include('webapp_func.inc');

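# Version-only check for CVE-2013-6987: read the DSM install recorded in the
# KB, compare its version with the fixed builds of each 4.x branch, and report
# once if it is older. No request is made to the FileStation CGI scripts.

# Web port of the DSM interface; 5000 is the default handed to get_http_port().
port = get_http_port(default:5000, embedded:TRUE);

# Install record stored under "synology_dsm". exit_on_fail is set, so the
# script is expected to stop here when no install is recorded for this port.
install = get_install_from_kb(appname:"synology_dsm", port:port, exit_on_fail:TRUE);

app = "Synology DiskStation Manager (DSM)";
dir = install["dir"];
install_loc = build_url(port:port, qs:dir + "/");

version = install["ver"];
# Without a version there is nothing to compare; audit() is expected to end
# the script.
if (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_APP_VER, app, install_loc);

# NOTE(review): the comparisons below read ver[0], ver[1] and ver[2], i.e.
# they assume the KB value is dot-separated as major.minor.build. If the
# detection plugin stores the "4.3-3810" form, the split yields only two
# elements and ver[2] is unset - confirm the stored format.
ver = split(version, sep:".", keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

version_fixed = '';

if (ver[0] > 4)
{
  # Newer major release.
  audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_loc, version);
}
else if (ver[0] == 4 && ver[1] == 3 && ver[2] == 3810 && report_paranoia != 2)
{
  # Build 3810 covers both the vulnerable release and "Update 3"; the update
  # level is not part of the compared version, so this build is only reported
  # when report_paranoia is 2. The ver[0] == 4 test keeps a pre-4 version that
  # happens to carry 3.3810 from stopping here instead of reaching the
  # ver[0] < 4 branch below.
  audit(AUDIT_PARANOID);
}
else if (ver[0] < 4 || (ver[1] == 0 && ver[2] < 2259))
{
  version_fixed = '4.0-2259';
}
else if (ver[1] == 1 || (ver[1] == 2 && ver[2] < 3243))
{
  version_fixed = '4.2-3243';
}
else if (ver[1] == 3 && (ver[2] < 3810 || (ver[2] == 3810 && report_paranoia == 2)))
{
  # NOTE(review): the plugin's solution text names "4.3-3810 Update 3", while
  # the version reported here is 4.3-3827 - confirm which one the report
  # should show.
  version_fixed = '4.3-3827';
}

if (version_fixed != '')
{
  report =
    '\n  URL               : ' + install_loc +
    '\n  Installed version : ' + version +
    '\n  Fixed version     : ' + version_fixed + '\n';
  # Report once. The earlier code called security_hole() and then
  # security_report_v4() with the same port and text, which would emit the
  # same finding twice.
  security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_loc, version);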
| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| synology | diskstation_manager | | cpe:/a:synology:diskstation_manager |
