CVE-2021-47960: A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows...

A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web page, attackers may retrieve sensitive files such as configuration files, certificates, and logs, leading to information disclosure.

Ghostwire Analysis — What This Means Practically

Exploitation Probability (EPSS): Low — 0.03% (8th percentile)

Low exploitation probability based on current threat landscape data. Standard patching timeline is appropriate.

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.
Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

CVE-2021-47960: A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows...

Description

Ghostwire Analysis — What This Means Practically

Security Coverage (1 articles)

References