
Synology SSL VPN Client Vulnerabilities Expose Sensitive Files


Emy Elsamnoudy
April 14, 2026

Synology has disclosed two severe vulnerabilities within its SSL VPN Client. These flaws could allow remote attackers to steal sensitive files and intercept network traffic.

The vulnerabilities affect users running older versions of the software and require immediate patching to prevent potential network compromise.

Virtual Private Networks serve as critical gateways for secure communications, making vulnerabilities in VPN client software highly attractive to threat actors.

A successful exploit of these flaws could give attackers a quiet foothold into user sessions and corporate data.

Synology SSL VPN Client Vulnerabilities

The latest security update resolves two distinct vulnerabilities, both rated “Important” by Synology.

The specific vulnerabilities tracked in this advisory include:

  • CVE-2021-47960 (CVSS Score 6.5): This flaw involves files and directories being improperly accessible to external parties. It allows remote attackers to read sensitive files directly from the SSL VPN Client installation directory.
  • CVE-2021-47961 (CVSS Score 8.1): This more severe vulnerability is caused by the plaintext storage of passwords. It enables remote attackers to obtain or manipulate the user’s PIN code due to insecure storage mechanisms on the local machine.

While both vulnerabilities can lead to significant system compromises, they share a common attack vector that requires user interaction.

A threat actor cannot trigger these flaws completely unprompted. Instead, the victim must be tricked into visiting a specially crafted malicious web page while the vulnerable Synology VPN client is running.

For the file access flaw, the attacker leverages a local HTTP server bound to the loopback interface.

Once the user interacts with the malicious page, the attacker can silently retrieve sensitive information, such as configuration files, digital certificates, and system logs.

For the PIN code vulnerability, the attack exposes the poorly stored credentials to the threat actor.

This ultimately allows the attacker to authorize rogue VPN configurations and intercept subsequent VPN traffic without the victim’s knowledge.

Security researcher Laurent Sibilla was credited with discovering and reporting these issues to the vendor.

Patch Availability and Remediation

According to the official advisory, there are currently no temporary mitigations or workarounds available to defend against these exploits.

Applying the official security patch is the only effective way to close these security gaps. To protect against these threats, users and network administrators must take the following steps:

  • Upgrade the Synology SSL VPN Client to version 1.4.5-0684 or a newer release immediately.
  • Educate network users about the risks of clicking suspicious links or visiting untrusted websites while connected to enterprise VPNs.
  • Monitor VPN access logs for any unauthorized configuration changes, credential anomalies, or unusual traffic patterns.
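To support the upgrade step, the following added example (not from Synology or the original article) triages a client inventory against the fixed release 1.4.5-0684. The CSV layout, column names, host names and sample versions are constructed for illustration, and the `major.minor.patch-build` format is assumed from the version string quoted above.

```python
import csv
import io
import re

# Fixed release named in the article: 1.4.5-0684.
FIXED = (1, 4, 5, 684)

# Assumed version layout: major.minor.patch-build
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)-(\d+)\s*$")


def parse_version(text):
    """Return (major, minor, patch, build) as ints, or None if malformed."""
    m = _VERSION_RE.match(text or "")
    return tuple(int(g) for g in m.groups()) if m else None


def triage(inventory_csv):
    """Classify each host as 'patched', 'vulnerable' or 'unknown'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row.get("client_version"))
        if version is None:
            # Missing or unparseable version: unverified, never assumed safe.
            status = "unknown"
        elif version >= FIXED:
            # Numeric tuple comparison, so 1.4.10 sorts after 1.4.5.
            status = "patched"
        else:
            status = "vulnerable"
        results[row["host"]] = status
    return results


# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE = """host,client_version
ws-001,1.4.5-0684
ws-002,1.4.4-0680
ws-003,1.4.10-0700
ws-004,1.3.9-0999
ws-005,
ws-006,1.4.5
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` should be checked by hand rather than counted as patched.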

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.
