Critical Synology VPN Vulnerabilities Let Attackers Access Sensitive Files
Key Takeaways
- Synology has addressed two critical vulnerabilities (CVE-2021-47960 and CVE-2021-47961) in its SSL VPN Client software.
- These flaws could allow remote attackers to access sensitive files, manipulate user PIN codes, and potentially intercept VPN traffic.
- The vulnerabilities impact older versions of the Synology SSL VPN Client and require user interaction with a malicious web page to exploit.
- Immediate patching to version 1.4.5-0684 or newer is essential, as no temporary workarounds exist.
Synology has issued a critical security advisory regarding two significant vulnerabilities discovered in its SSL VPN Client. These weaknesses present a serious risk, potentially enabling remote attackers to extract sensitive user files and compromise encrypted network communications.
The identified flaws specifically target earlier iterations of the client software, underscoring the urgent need for users and administrators to update their installations to safeguard against potential network intrusions.
Given that Virtual Private Networks are fundamental for establishing secure digital pathways, any weakness in their client software becomes a prime target for malicious actors seeking unauthorized access to sensitive data and systems.
Successful exploitation of these vulnerabilities could grant attackers an unobserved entry point into user sessions and access to corporate data, severely undermining the integrity of the VPN connection.
Synology SSL VPN Client Vulnerabilities Uncovered
The recent security update from Synology addresses two distinct vulnerabilities, both classified as “Important” within the company’s security framework.
The specific vulnerabilities detailed in the advisory include:
- CVE-2021-47960 (CVSS Score 6.5): This vulnerability stems from improper access controls allowing external parties to reach certain files and directories. It permits remote attackers to read sensitive files directly from the SSL VPN Client’s installation directory.
- CVE-2021-47961 (CVSS Score 8.1): Considered more severe, this flaw results from the insecure storage of passwords in plaintext. Remote attackers can exploit this to obtain or alter a user’s PIN code due to inadequate local storage mechanisms.
While both vulnerabilities pose a significant risk of system compromise, their exploitation hinges on a shared attack vector that necessitates user engagement. Attackers cannot independently trigger these flaws; instead, a victim must be lured into navigating to a specially crafted malicious web page while the vulnerable Synology VPN client is active.
For the file access vulnerability, attackers leverage a local HTTP server bound to the loopback interface. Once a user interacts with the malicious web page, the attacker can silently retrieve confidential information, including configuration files, digital certificates, and system logs.
In the case of the PIN code vulnerability, the attack exposes poorly stored credentials to the threat actor. This ultimately allows the attacker to authorize rogue VPN configurations and intercept subsequent VPN traffic without the user’s knowledge.
Security researcher Laurent Sibilla was credited with the discovery and responsible disclosure of these issues to Synology.
Patch Availability and Remediation
The official advisory confirms that no temporary mitigations or workarounds are available to defend against these specific exploits. Consequently, applying the official security patch is the sole effective method to eliminate these security gaps.
What You Should Do
- Immediately upgrade the Synology SSL VPN Client to version 1.4.5-0684 or a more recent release.
- Educate all network users about the dangers of clicking suspicious links or visiting untrusted websites, especially while connected to enterprise VPNs.
- Proactively monitor VPN access logs for any signs of unauthorized configuration changes, unusual credential activity, or anomalous traffic patterns that could indicate a compromise.
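One way to carry out the upgrade step across a fleet, shown as an added example (not Synology tooling and not code from the advisory): it reads a software-inventory export and flags every client older than 1.4.5-0684. The `host,version` export format, the hostnames and the sample versions are assumptions constructed for illustration.

```python
import re

# Fixed release named in the article; anything older is treated as vulnerable.
FIXED = "1.4.5-0684"
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)-(\d+)\s*$")


def parse_version(text):
    """Turn 'major.minor.patch-build' into a comparable tuple, or None if malformed."""
    m = _VERSION_RE.match(text)
    return tuple(int(g) for g in m.groups()) if m else None


def audit(inventory_lines, fixed=FIXED):
    """Classify 'host,version' rows as patched, vulnerable, or unparsed."""
    floor = parse_version(fixed)
    report = {"patched": [], "vulnerable": [], "unparsed": []}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, raw = line.partition(",")
        version = parse_version(raw)
        if version is None:
            # Unknown or malformed version: review by hand, never assume it is safe.
            report["unparsed"].append(host.strip())
        elif version < floor:
            report["vulnerable"].append(host.strip())
        else:
            report["patched"].append(host.strip())
    return report


# Constructed sample inventory (assumed export format: host,version).
SAMPLE = """\
# host,installed SSL VPN Client version
ws-finance-01,1.4.5-0684
ws-finance-02,1.4.4-0680
laptop-ops-07,1.3.9-0612
laptop-ops-08,1.4.6-0700
kiosk-03,unknown
ws-hr-11,1.4.5-0683
""".splitlines()

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Versions are compared as integer tuples rather than strings, so a build such as `0683` sorts correctly below `0684` and a minor version of `10` sorts above `9`.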
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.


