CVE-2020-27651

High

Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it…

synology·CWE-614·Published 2020-10-29

CVSS

8.1

EPSS

0.01

KEV

Exploits

cve.orgen

243 chars

Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.

NVDen

243 chars

NVDes

257 chars

Synology Router Manager (SRM) versiones anteriores a 1.2.4-8081, no establece el flag Secure para la cookie de sesión en una sesión HTTPS, lo que hace más fácil a atacantes remotos capturar esta cookie al interceptar su transmisión dentro de una sesión HTTP

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H