Synology SSL VPN Client Vulnerabilities Expose Sensitive Data; Urgent Updates Required

Critical Vulnerabilities in Synology SSL VPN Client Expose Sensitive Data to Remote Attacks

Synology has disclosed two security vulnerabilities in its SSL VPN Client software that could allow remote attackers to read sensitive files and intercept VPN traffic. The flaws, tracked as CVE-2021-47960 and CVE-2021-47961, affect releases before 1.4.5-0684, and Synology recommends updating immediately, since no workaround is available.

Understanding the Vulnerabilities

Virtual Private Networks (VPNs) are essential for secure communications, making vulnerabilities in VPN client software particularly attractive to cybercriminals. Exploiting these flaws could provide attackers with unauthorized access to user sessions and corporate data.

The two vulnerabilities addressed in Synology’s latest security update are:

1. CVE-2021-47960 (CVSS Score 6.5): An improper access control flaw in the client's local server component that lets remote attackers read sensitive files from the SSL VPN Client installation directory.

2. CVE-2021-47961 (CVSS Score 8.1): The more severe of the two, a cleartext storage flaw: the user's PIN code is kept unprotected on the local machine, so a remote attacker who can reach it is able to read or modify it.

Both vulnerabilities require user interaction. The attacker cannot trigger them on their own; the victim must be lured into opening a specially crafted web page while the vulnerable Synology VPN client is running.

Exploitation Mechanisms

For the file access vulnerability (CVE-2021-47960), the entry point is the HTTP server the client runs on the loopback interface. Binding to loopback keeps other hosts out, but not the victim's own browser: a web page the victim opens can send requests to that server, so once the malicious page loads the attacker can silently retrieve configuration files, digital certificates, and logs from the installation directory.

For the PIN code vulnerability (CVE-2021-47961), the same kind of malicious page reaches the cleartext-stored PIN. With the PIN in hand, the attacker can authorize a rogue VPN configuration and intercept the victim's subsequent VPN traffic without the victim noticing.
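The following is an added illustration of the bug class behind the loopback-server issue; it is not Synology's code, and the endpoint names, file names, token scheme and trusted origin are assumptions made for the example. It shows why "listens only on 127.0.0.1" is not the same as "reachable only by trusted code": a request handler that serves install-directory files to anything that connects, beside a hardened handler that checks the Host header (DNS rebinding), the browser Origin, a per-process bearer token, and exposes no raw file-read route at all.

```python
import secrets
from urllib.parse import urlsplit, unquote

# Constructed stand-in for files in the client's install directory.
INSTALL_DIR_FILES = {
    "config.ini": "server=vpn.example.internal\nuser=alice\n",
    "client.crt": "-----BEGIN CERTIFICATE-----\nMIIB...\n-----END CERTIFICATE-----\n",
    "logs/client.log": "2021-01-01 00:00:00 connected\n",
}

# Per-process secret handed only to the client's own UI, never to a web page
# (assumed design; the real client's mechanism is not documented on this page).
SESSION_TOKEN = secrets.token_urlsafe(32)
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "[::1]"}
TRUSTED_ORIGINS = {"app://vpn-client-ui"}  # assumed origin of the legitimate UI


def weak_handle(method, path, headers):
    """Vulnerable pattern: anything that reaches the loopback port is served.

    A page at https://evil.example can issue
    fetch("http://127.0.0.1:PORT/files/config.ini") from the victim's browser.
    Binding to 127.0.0.1 does not stop that request; with permissive CORS
    headers the page reads the body outright, and an attacker hostname that
    resolves to 127.0.0.1 (DNS rebinding) makes it same-origin for the browser.
    """
    if method != "GET":
        return 405, ""
    name = unquote(urlsplit(path).path).lstrip("/")
    if name.startswith("files/"):
        body = INSTALL_DIR_FILES.get(name[len("files/"):])
        if body is not None:
            return 200, body
    return 404, ""


def hardened_handle(method, path, headers):
    """Hardened pattern: loopback binding plus four checks.

    1. Host must be a loopback name (defeats DNS rebinding).
    2. A browser Origin, if present, must be the trusted UI's origin.
    3. A per-process bearer token that no web page can obtain is required.
    4. Only fixed endpoints exist; there is no raw file-read route at all.
    """
    host = headers.get("Host", "")
    # Strip the port; bracketed IPv6 literals need their own handling.
    host = host.split("]", 1)[0] + "]" if host.startswith("[") else host.rsplit(":", 1)[0]
    if host not in LOOPBACK_HOSTS:
        return 421, "misdirected request"
    origin = headers.get("Origin")
    if origin is not None and origin not in TRUSTED_ORIGINS:
        return 403, "forbidden origin"
    scheme, _, presented = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not secrets.compare_digest(
        presented.encode(), SESSION_TOKEN.encode()
    ):
        return 401, "missing or bad token"
    route = unquote(urlsplit(path).path)
    if method == "GET" and route == "/status":
        return 200, "connected=false"
    return 404, ""


def demo():
    """Status codes an attacker page and the legitimate UI each receive."""
    evil = {"Host": "127.0.0.1:9999", "Origin": "https://evil.example"}
    ui = {"Host": "127.0.0.1:9999", "Origin": "app://vpn-client-ui",
          "Authorization": "Bearer " + SESSION_TOKEN}
    rebound = {**ui, "Host": "attacker.example:9999"}  # name that resolves to 127.0.0.1
    return {
        "weak_evil": weak_handle("GET", "/files/config.ini", evil)[0],
        "hardened_evil": hardened_handle("GET", "/files/config.ini", evil)[0],
        "hardened_rebound": hardened_handle("GET", "/status", rebound)[0],
        "hardened_ui": hardened_handle("GET", "/status", ui)[0],
    }


if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{case:18s} -> {status}")
```

The Origin check alone is not enough: non-browser clients send no Origin header, and a rebound hostname passes it, which is why the Host check and the token are there as well. The token must be something a web page cannot learn (for example, passed to the UI process at start-up), and the file-serving route is simply gone rather than access-controlled, since the client has no reason to hand its certificates and logs to a browser at all.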

Security researcher Laurent Sibilla was credited with discovering and reporting these issues to Synology.

Recommended Actions

According to Synology's advisory, no temporary mitigation or workaround is available for either flaw. Applying the fixed release is the only effective way to close these gaps.

To protect against these threats, users and network administrators should:

– Upgrade the Synology SSL VPN Client: Immediately update to version 1.4.5-0684 or a newer release.

– Educate Users: Inform network users about the risks of clicking suspicious links or visiting untrusted websites while connected to enterprise VPNs.

– Monitor VPN Access Logs: Regularly check for any unauthorized configuration changes, credential anomalies, or unusual traffic patterns.
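As an added check (not part of Synology's advisory), the snippet below decides whether a reported client version is at or above the fixed release 1.4.5-0684 and triages a fleet inventory. It assumes version strings in the "major.minor.patch-build" layout the advisory uses; the point of parsing them is that plain string comparison gets this layout wrong, since "1.4.10" sorts before "1.4.5" lexically. The inventory and every version other than the fixed release are constructed sample data.

```python
import re

FIXED_VERSION = "1.4.5-0684"  # first fixed release named in the advisory
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(\d+))?$")


def parse_version(text):
    """Turn 'major.minor.patch-build' into a tuple that compares numerically."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, build = m.groups()
    return (int(major), int(minor), int(patch), int(build or 0))


def is_patched(installed, fixed=FIXED_VERSION):
    """True when the installed build is the fixed release or newer."""
    return parse_version(installed) >= parse_version(fixed)


def triage(inventory, fixed=FIXED_VERSION):
    """inventory maps hostname -> reported client version.

    Returns (hosts that still need the update, hosts whose version string
    could not be parsed and need a manual look). Unparsable entries are
    reported rather than silently treated as patched.
    """
    needs_update, unparsable = [], []
    for host, version in inventory.items():
        try:
            if not is_patched(version, fixed):
                needs_update.append(host)
        except ValueError:
            unparsable.append(host)
    return sorted(needs_update), sorted(unparsable)


# Constructed sample inventory; versions other than 1.4.5-0684 are made up.
SAMPLE_INVENTORY = {
    "laptop-01": "1.4.5-0684",   # exactly the fixed release
    "laptop-02": "1.4.4-0635",   # older, needs the update
    "laptop-03": "1.4.10-0700",  # newer, but sorts before 1.4.5 as a string
    "laptop-04": "unknown",      # agent could not read the version
}

if __name__ == "__main__":
    pending, unknown = triage(SAMPLE_INVENTORY)
    print("needs update:", pending)
    print("check manually:", unknown)
```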

Broader Implications

This disclosure underscores the importance of keeping software current, especially tools that provide secure remote access. VPN clients protect sensitive data, and a flaw in one can become the attacker's way in, here through nothing more than a visit to a web page.

Organizations should implement comprehensive security strategies that include regular software updates, user education, and vigilant monitoring of network activities. By staying proactive, businesses can mitigate the risks associated with such vulnerabilities and safeguard their digital assets.