Vulnerability Details CVE-2018-8929
Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.9%
CVSS Severity
CVSS v3 Score 7.3
CVSS v2 Score 6.8
References
Products affected by CVE-2018-8929
-
cpe:2.3:a:synology:ssl_vpn_client:1.0.0-0075
-
cpe:2.3:a:synology:ssl_vpn_client:1.0.0-0076
-
cpe:2.3:a:synology:ssl_vpn_client:1.0.1-0084
-
cpe:2.3:a:synology:ssl_vpn_client:1.0.2-0087
-
cpe:2.3:a:synology:ssl_vpn_client:1.1.0-0127
-
cpe:2.3:a:synology:ssl_vpn_client:1.1.1-0131
-
cpe:2.3:a:synology:ssl_vpn_client:1.1.2-0142
-
cpe:2.3:a:synology:ssl_vpn_client:1.2.0-0211
-
cpe:2.3:a:synology:ssl_vpn_client:1.2.1-0212
-
cpe:2.3:a:synology:ssl_vpn_client:1.2.2-0215
-
cpe:2.3:a:synology:ssl_vpn_client:1.2.3-0219