CVE-2017-9552
Severity Score
7.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user --auth USERNAME PASSWORD", and local users are able to obtain credentials by sniffing "/proc/*/cmdline".
Un fallo de diseño en la autenticación en Synology Photo Station de la versión 6.0-2528 a la 6.7.1-3419 permite que usuarios locales obtengan credenciales mediante cmdline. Synology Photo Station emplea el programa synophoto_dsm_user para autenticar el nombre de usuario y la contraseña por "synophoto_dsm_user --auth USERNAME PASSWORD" y los usuarios locales pueden obtener credenciales rastreando "/proc/*/cmdline".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-06-12 CVE Reserved
- 2017-06-13 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
- CWE-522: Insufficiently Protected Credentials
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://blog.crozat.net/2017/06/synology-photostation-password-vulnerabilty.html | Issue Tracking | |
| https://www.synology.com/en-global/support/security/Photo_Station_CVE_2017_9552 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Synology Search vendor "Synology" | Photo Station Search vendor "Synology" for product "Photo Station" | 6.0-2528 Search vendor "Synology" for product "Photo Station" and version "6.0-2528" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Photo Station Search vendor "Synology" for product "Photo Station" | 6.0-2636 Search vendor "Synology" for product "Photo Station" and version "6.0-2636" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Photo Station Search vendor "Synology" for product "Photo Station" | 6.0-2638 Search vendor "Synology" for product "Photo Station" and version "6.0-2638" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Photo Station Search vendor "Synology" for product "Photo Station" | 6.0-2639 Search vendor "Synology" for product "Photo Station" and version "6.0-2639" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Photo Station Search vendor "Synology" for product "Photo Station" | 6.0-2640 Search vendor "Synology" for product "Photo Station" and version "6.0-2640" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Photo Station Search vendor "Synology" for product "Photo Station" | 6.3-2944 Search vendor "Synology" for product "Photo Station" and version "6.3-2944" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Photo Station Search vendor "Synology" for product "Photo Station" | 6.3-2958 Search vendor "Synology" for product "Photo Station" and version "6.3-2958" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Photo Station Search vendor "Synology" for product "Photo Station" | 6.3-2960 Search vendor "Synology" for product "Photo Station" and version "6.3-2960" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Photo Station Search vendor "Synology" for product "Photo Station" | 6.3-2962 Search vendor "Synology" for product "Photo Station" and version "6.3-2962" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Photo Station Search vendor "Synology" for product "Photo Station" | 6.3-2963 Search vendor "Synology" for product "Photo Station" and version "6.3-2963" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Photo Station Search vendor "Synology" for product "Photo Station" | 6.3-2964 Search vendor "Synology" for product "Photo Station" and version "6.3-2964" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Photo Station Search vendor "Synology" for product "Photo Station" | 6.3-2965 Search vendor "Synology" for product "Photo Station" and version "6.3-2965" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Photo Station Search vendor "Synology" for product "Photo Station" | 6.4-3166 Search vendor "Synology" for product "Photo Station" and version "6.4-3166" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Photo Station Search vendor "Synology" for product "Photo Station" | 6.5.0-3218 Search vendor "Synology" for product "Photo Station" and version "6.5.0-3218" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Photo Station Search vendor "Synology" for product "Photo Station" | 6.5.1-3223 Search vendor "Synology" for product "Photo Station" and version "6.5.1-3223" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Photo Station Search vendor "Synology" for product "Photo Station" | 6.5.2-3225 Search vendor "Synology" for product "Photo Station" and version "6.5.2-3225" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Photo Station Search vendor "Synology" for product "Photo Station" | 6.5.3-3226 Search vendor "Synology" for product "Photo Station" and version "6.5.3-3226" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Photo Station Search vendor "Synology" for product "Photo Station" | 6.6.0-3339 Search vendor "Synology" for product "Photo Station" and version "6.6.0-3339" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Photo Station Search vendor "Synology" for product "Photo Station" | 6.6.1-3345 Search vendor "Synology" for product "Photo Station" and version "6.6.1-3345" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Photo Station Search vendor "Synology" for product "Photo Station" | 6.6.1-3346 Search vendor "Synology" for product "Photo Station" and version "6.6.1-3346" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Photo Station Search vendor "Synology" for product "Photo Station" | 6.6.2-3346 Search vendor "Synology" for product "Photo Station" and version "6.6.2-3346" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Photo Station Search vendor "Synology" for product "Photo Station" | 6.6.3-3347 Search vendor "Synology" for product "Photo Station" and version "6.6.3-3347" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Photo Station Search vendor "Synology" for product "Photo Station" | 6.7.0-3414 Search vendor "Synology" for product "Photo Station" and version "6.7.0-3414" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Photo Station Search vendor "Synology" for product "Photo Station" | 6.7.1-3419 Search vendor "Synology" for product "Photo Station" and version "6.7.1-3419" | - |
Affected
| ||||||