Vulnerability Details CVE-2018-13283
Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the (1) command, (2) hostname, or (3) port parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 5.8
References
Products affected by CVE-2018-13283
-
cpe:2.3:a:synology:ssl_vpn_client:1.0.0-0075
-
cpe:2.3:a:synology:ssl_vpn_client:1.0.0-0076
-
cpe:2.3:a:synology:ssl_vpn_client:1.0.1-0084
-
cpe:2.3:a:synology:ssl_vpn_client:1.0.2-0087
-
cpe:2.3:a:synology:ssl_vpn_client:1.1.0-0127
-
cpe:2.3:a:synology:ssl_vpn_client:1.1.1-0131
-
cpe:2.3:a:synology:ssl_vpn_client:1.1.2-0142
-
cpe:2.3:a:synology:ssl_vpn_client:1.2.0-0211
-
cpe:2.3:a:synology:ssl_vpn_client:1.2.1-0212
-
cpe:2.3:a:synology:ssl_vpn_client:1.2.2-0215
-
cpe:2.3:a:synology:ssl_vpn_client:1.2.3-0219
-
cpe:2.3:a:synology:ssl_vpn_client:1.2.4-0224