CVE-2020-27651 Vulnerability Details

CVE-2020-27651 Metadata Quick Info

CVE Published: 29/10/2020 | CVE Updated: 16/09/2024 | CVE Year: 2020
Source: synology | Vendor: Synology | Product: Synology Router Manager (SRM)
Status: PUBLISHED

CVE-2020-27651 Description

Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
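The weakness behind this CVE (CWE-614) is a property of the Set-Cookie header, so it can be checked directly from HTTP responses. The following is an added example, not code from Synology or from the CVE record: it parses Set-Cookie header values, flags session cookies that lack the Secure attribute, and models the user-agent rule that makes the flaw exploitable (a cookie without Secure is also attached to plain http:// requests). The cookie names, header values and the `SESSION_COOKIE_HINTS` heuristic are constructed for illustration; they are not SRM's actual cookie names.

```python
"""Audit Set-Cookie headers for session cookies missing the Secure flag (CWE-614).

Added example; the sample headers and cookie names below are constructed and
do not reflect Synology Router Manager's real cookie layout.
"""
from urllib.parse import urlparse

# Heuristic (assumption): substrings that usually mark a session cookie name.
SESSION_COOKIE_HINTS = ("id", "sess", "session", "token")


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes).

    Attribute keys are lower-cased; flag attributes (Secure, HttpOnly) map to True.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value, attrs


def audit_session_cookies(headers, hints=SESSION_COOKIE_HINTS):
    """Return one finding per session cookie that lacks Secure or HttpOnly."""
    findings = []
    for header in headers:
        name, _value, attrs = parse_set_cookie(header)
        if not any(h in name.lower() for h in hints):
            continue  # not a session cookie by our heuristic
        if "secure" not in attrs:
            findings.append(f"{name}: missing Secure (CWE-614)")
        if "httponly" not in attrs:
            findings.append(f"{name}: missing HttpOnly")
    return findings


def browser_would_send(attrs, request_url):
    """Model the user-agent rule this CVE hinges on: without the Secure
    attribute the cookie is sent on http:// requests to the same host too."""
    return urlparse(request_url).scheme == "https" or "secure" not in attrs


# Constructed samples: the weak header (as in SRM before 1.2.4-8081) and a fixed one.
WEAK_HEADER = "id=abc123; Path=/; HttpOnly"
FIXED_HEADER = "id=abc123; Path=/; HttpOnly; Secure; SameSite=Strict"

if __name__ == "__main__":
    print(audit_session_cookies([WEAK_HEADER]))   # flags the missing Secure flag
    print(audit_session_cookies([FIXED_HEADER]))  # []
```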

Metrics

CVSS Version: 3.1 | Base Score: 5.8 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

Exploitability Metrics:
    Attack Vector (AV): NETWORK
    Attack Complexity (AC): HIGH
    Privileges Required (PR): NONE
    User Interaction (UI): REQUIRED
    Scope (S): CHANGED

Impact Metrics:
    Confidentiality Impact (C): LOW
    Integrity Impact (I): LOW
    Availability Impact (A): LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-614
CWE Name: CWE-614: Sensitive Cookie in HTTPS Session Without Secure Attribute
Source: Synology

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: (none listed)
CAPEC Description: (none listed)

Source: NVD (National Vulnerability Database).