CVE-2022-27619 - OpenCVE

Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Synology	Note Station

Configuration 1 [-]

cpe:2.3:a:synology:note_station:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.synology.com/security/advisory/Synology_SA_22_12

History

No history.

MITRE

Status: PUBLISHED

Assigner: synology

Published: 2022-08-03T02:25:12.115302Z

Updated: 2024-09-17T02:46:46.570Z

Reserved: 2022-03-21T00:00:00

Link: CVE-2022-27619

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-08-03T03:15:08.227

Modified: 2022-08-09T13:14:03.220

Link: CVE-2022-27619

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Synology Note Station Client", "vendor": "Synology", "versions": [{"lessThan": "2.2.2-609", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2022-08-02T00:00:00", "descriptions": [{"lang": "en", "value": "Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319: Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-03T02:25:12", "orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "shortName": "synology"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.synology.com/security/advisory/Synology_SA_22_12"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@synology.com", "DATE_PUBLIC": "2022-08-02T16:02:05.608843", "ID": "CVE-2022-27619", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Synology Note Station Client", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "2.2.2-609"}]}}]}, "vendor_name": "Synology"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors."}]}, "impact": {"cvss": {"baseScore": "6.8", "vectorString": "AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-319: Cleartext Transmission of Sensitive Information"}]}]}, "references": {"reference_data": [{"name": "https://www.synology.com/security/advisory/Synology_SA_22_12", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_22_12"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:32:59.950Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.synology.com/security/advisory/Synology_SA_22_12"}]}]}, "cveMetadata": {"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "assignerShortName": "synology", "cveId": "CVE-2022-27619", "datePublished": "2022-08-03T02:25:12.115302Z", "dateReserved": "2022-03-21T00:00:00", "dateUpdated": "2024-09-17T02:46:46.570Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synology:note_station:*:*:*:*:*:*:*:*", "matchCriteriaId": "C82B7AA9-591D-471E-92A0-61255E0B9A4B", "versionEndExcluding": "2.2.2-609", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors."}, {"lang": "es", "value": "Una vulnerabilidad de la transmisi\u00f3n de informaci\u00f3n confidencial en texto sin cifrar en la administraci\u00f3n de la autenticaci\u00f3n en Synology Note Station Client versiones anteriores a 2.2.2-609, permite a atacantes de tipo man-in-the-middle obtener informaci\u00f3n confidencial por medio de vectores no especificados"}], "id": "CVE-2022-27619", "lastModified": "2022-08-09T13:14:03.220", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.0, "source": "security@synology.com", "type": "Secondary"}]}, "published": "2022-08-03T03:15:08.227", "references": [{"source": "security@synology.com", "tags": ["Vendor Advisory"], "url": "https://www.synology.com/security/advisory/Synology_SA_22_12"}], "sourceIdentifier": "security@synology.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "security@synology.com", "type": "Primary"}]}