← volver
CVE-2017-9552

CVE-2017-9552

EPSS 0.3%CWE-522
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
13 jun 2017Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user --auth USERNAME PASSWORD", and local users are able to obtain credentials by sniffing "/proc/*/cmdline".
Productos afectados
Synology · Synology Photo Station

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://blog.crozat.net/2017/06/synology-photostation-password-vulnerabilty.htmlhttps://www.synology.com/en-global/support/security/Photo_Station_CVE_2017_9552