Synology SSL VPN Client Vulnerabilities Expose Sensitive Files

Synology has revealed two critical vulnerabilities in its SSL VPN Client. These flaws could allow remote attackers to access sensitive files and intercept network traffic. Users must patch their software immediately to avoid potential data breaches.


Original Reporting

Cyber Security News · Abinaya

AI Summary

CyberPings AI·Reviewed by Rohit Rana

🎯Basically, there are serious flaws in Synology's VPN software that could let hackers steal your data.

What Happened

Synology has recently disclosed two significant vulnerabilities in its SSL VPN Client. These flaws could allow remote attackers to access sensitive files and intercept network traffic. Users running older versions of the software are particularly at risk, making immediate patching essential to prevent potential network compromise.

The Flaw

The vulnerabilities are tracked as CVE-2021-47960 and CVE-2021-47961.

  • CVE-2021-47960 (CVSS Score 6.5): This flaw allows remote attackers to read sensitive files directly from the SSL VPN Client installation directory due to improper access controls.
  • CVE-2021-47961 (CVSS Score 8.1): This more severe vulnerability arises from the plaintext storage of passwords, enabling attackers to obtain or manipulate users’ PIN codes.

Both vulnerabilities require user interaction to exploit. Attackers must trick victims into visiting a specially crafted malicious web page while the vulnerable VPN client is running.

What's at Risk

Exploiting these vulnerabilities could provide attackers with a foothold into user sessions and corporate data. They can silently retrieve sensitive information such as configuration files, digital certificates, and system logs. Moreover, they could authorize rogue VPN configurations and intercept subsequent VPN traffic without the victim's knowledge.

Patch Status

Currently, there are no temporary mitigations or workarounds available. The only effective way to close these security gaps is by applying the official security patch. Users must upgrade the Synology SSL VPN Client to version 1.4.5-0684 or a newer release immediately.
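The fixed release named above, 1.4.5-0684, follows a "major.minor.patch-build" scheme, and a plain string comparison gets such versions wrong (for example "1.4.10" sorts before "1.4.5" as text). The following added example, not code from Synology or the original article, parses that format numerically and flags hosts in a constructed inventory whose client is older than the fixed release; how the installed version is collected from each host is assumed to be handled elsewhere.

```python
import re
from typing import Iterable

# Fixed release named in the advisory; anything older is treated as vulnerable.
FIXED_VERSION = "1.4.5-0684"

# Synology-style version string: "major.minor.patch-build", the format of FIXED_VERSION.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(text: str) -> tuple[int, int, int, int]:
    """Turn '1.4.5-0684' into (1, 4, 5, 684) so versions compare numerically, not as text."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed client is older than the fixed release."""
    return parse_version(installed) < parse_version(fixed)


def find_unpatched(inventory: Iterable[tuple[str, str]]) -> list[str]:
    """Return hostnames whose client is below FIXED_VERSION.

    Hosts with an unparsable version are reported too: they cannot be shown to be patched.
    """
    unpatched = []
    for host, version in inventory:
        try:
            if is_vulnerable(version):
                unpatched.append(host)
        except ValueError:
            unpatched.append(host)
    return unpatched


# Constructed sample inventory (hostname, reported client version); build numbers are made up.
SAMPLE_INVENTORY = [
    ("laptop-01", "1.4.4-0635"),   # older patch level -> vulnerable
    ("laptop-02", "1.4.5-0684"),   # exactly the fixed release -> patched
    ("laptop-03", "1.4.5-0700"),   # later build of the same release -> patched
    ("laptop-04", "1.4.10-0720"),  # text comparison would wrongly rank this below 1.4.5
    ("laptop-05", "unknown"),      # version not readable -> flagged for follow-up
]

if __name__ == "__main__":
    for host in find_unpatched(SAMPLE_INVENTORY):
        print(f"{host}: Synology SSL VPN Client below {FIXED_VERSION}, upgrade required")
```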

Immediate Actions

To protect against these vulnerabilities, users and network administrators should:

Containment

  1. Upgrade the Synology SSL VPN Client to the latest version.
  2. Educate network users about the risks of clicking suspicious links or visiting untrusted websites while connected to enterprise VPNs.

By taking these steps, users can significantly reduce the risk of exploitation and safeguard their sensitive data.

🔒 Pro Insight

The requirement for user interaction highlights the importance of educating users about phishing risks, especially in VPN environments.
