CVE-2018-8929
7.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Synology | SSL VPN Client | unspecified < 1.2.4-0224 | affected |
Weaknesses
- CWE-319: CWE-319: Cleartext Transmission of Sensitive Information
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.