Vulnerability Details CVE-2021-47960
A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web page, attackers may retrieve sensitive files such as configuration files, certificates, and logs, leading to information disclosure.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 8.5%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2021-47960
-
cpe:2.3:a:synology:ssl_vpn_client:1.0.0-0075
-
cpe:2.3:a:synology:ssl_vpn_client:1.0.0-0076
-
cpe:2.3:a:synology:ssl_vpn_client:1.0.1-0084
-
cpe:2.3:a:synology:ssl_vpn_client:1.0.2-0087
-
cpe:2.3:a:synology:ssl_vpn_client:1.1.0-0127
-
cpe:2.3:a:synology:ssl_vpn_client:1.1.1-0131
-
cpe:2.3:a:synology:ssl_vpn_client:1.1.2-0142
-
cpe:2.3:a:synology:ssl_vpn_client:1.2.0-0211
-
cpe:2.3:a:synology:ssl_vpn_client:1.2.1-0212
-
cpe:2.3:a:synology:ssl_vpn_client:1.2.2-0215
-
cpe:2.3:a:synology:ssl_vpn_client:1.2.3-0219
-
cpe:2.3:a:synology:ssl_vpn_client:1.2.4-0224
-
cpe:2.3:a:synology:ssl_vpn_client:1.2.5-0226
-
cpe:2.3:a:synology:ssl_vpn_client:1.3.1-0420
-
cpe:2.3:a:synology:ssl_vpn_client:1.3.2-0422
-
cpe:2.3:a:synology:ssl_vpn_client:1.3.3-0425
-
cpe:2.3:a:synology:ssl_vpn_client:1.3.4-0430
-
cpe:2.3:a:synology:ssl_vpn_client:1.3.5-0440
-
cpe:2.3:a:synology:ssl_vpn_client:1.3.5-0442
-
cpe:2.3:a:synology:ssl_vpn_client:1.3.6-0454
-
cpe:2.3:a:synology:ssl_vpn_client:1.3.7-0462
-
cpe:2.3:a:synology:ssl_vpn_client:1.3.8-0469
-
cpe:2.3:a:synology:ssl_vpn_client:1.3.9-0472
-
cpe:2.3:a:synology:ssl_vpn_client:1.4.0-0529
-
cpe:2.3:a:synology:ssl_vpn_client:1.4.2-0533
-
cpe:2.3:a:synology:ssl_vpn_client:1.4.4-0635