Critical Security Flaws Discovered in Synology SSL VPN Client
In a significant development for cybersecurity, Synology has released a critical security update addressing dangerous vulnerabilities in its widely-used SSL VPN Client utility. These vulnerabilities could potentially allow remote attackers to access sensitive system files and intercept secure network traffic, posing substantial risks to both individual users and corporate networks.
Understanding the Security Flaws
The Synology SSL VPN Client is a popular tool used to establish encrypted connections to internal networks, making these vulnerabilities particularly concerning. They effectively create a backdoor through which threat actors could bypass traditional perimeter defenses, potentially gaining unrestricted access to network resources.
According to the National Vulnerability Database, these issues are classified under Security Advisory Synology-SA-26:05 and pose a significant threat to organizations and individuals who rely on this technology for secure remote access.
Vulnerability 1: CVE-2021-47960 – File System Access (CVSS 6.5)
The first vulnerability, identified as CVE-2021-47960, carries a Common Vulnerability Scoring System (CVSS) severity score of 6.5, making it a medium-to-high risk issue. The flaw stems from improper file permissions that leave files and directories within the VPN client’s installation directory exposed to external access.
An attacker could exploit this by tricking a user into visiting a specially crafted web page. This would allow the attacker to access a local HTTP server bound to the device’s loopback interface, potentially retrieving sensitive system files including:
- Application configurations
- Security certificates
- Connection logs
- User preferences and settings
Vulnerability 2: CVE-2021-47961 – Insecure Password Storage (CVSS 8.1)
The second vulnerability, tracked as CVE-2021-47961, presents an even greater threat with a CVSS score of 8.1 (high severity). This flaw arises from the insecure storage of user passwords in plaintext within the application, creating an easily exploitable weakness.
Remote attackers can leverage this vulnerability to access or manipulate a user’s personal identification number (PIN) code. Similar to the first vulnerability, this attack also requires the victim to interact with a malicious web page. Once successful, attackers could gain unauthorized control over VPN configurations and potentially intercept all subsequent VPN network traffic.
How These Vulnerabilities Are Exploited and Their Potential Impact
While both vulnerabilities require some level of user interaction, they remain highly dangerous in practice. Attackers typically employ social engineering tactics such as phishing emails or deceptive links to lure victims to malicious websites where the exploits are activated.
The consequences of successful exploitation are severe:
- Complete compromise of VPN security mechanisms
- Unauthorized access to sensitive network resources
- Potential man-in-the-middle attacks on VPN communications
- Exposure of authentication credentials and network topology
Security researcher Laurent Sibilla was credited with discovering and reporting these critical issues to Synology, demonstrating the importance of community vigilance in protecting digital infrastructure.
Recommended Actions: Immediate Patching is Essential
Synology has fully resolved these security issues in its latest software release. Unfortunately, there are no temporary mitigation strategies or alternative workarounds available for these specific flaws, making immediate patching the only effective defense.
Users and administrators are advised to take the following actions:
- Update the Synology SSL VPN Client to version 1.4.5-0684 or newer
- Verify that all endpoint environments have been updated
- Ensure remote workers have deployed the patched version
- Monitor network activity for any signs of unauthorized access
- Review VPN access logs for suspicious activity
Leaving older versions of the SSL VPN Client installed poses an unnecessary risk to the entire network infrastructure. Organizations should establish regular patch management procedures to prevent vulnerabilities from persisting in their systems.
For comprehensive information on the vulnerabilities and detailed update instructions, refer to the official Synology Security Advisory SA-26:05.