10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.9%
Synology DiskStation Manager versions 4.3-3776-3 and below contain a vulnerability that allows a remote unauthenticated user to append arbitrary data to an arbitrary file under root privileges.
CWE-284: Improper Access Control - CVE-2013-6955
Synology DiskStation Manager versions 4.3-3776-3 and below allow a remote unauthenticated user to append arbitrary data to files on the system under root privileges. According to Synology:
Synology File Station in DSM employs a technique called βSlice Uploadβ to upload files when the file size is over 4GB [in the] Firefox browser. Since this feature is implemented in DSM4.0, all versions of DSM after DSM4.0 are subject to this vulnerability.
To exploit this vulnerability, an attacker needs to send a specially crafted HTTP POST request to /webman/imageSelector.cgi
containing the header fields X-TYPE-NAME: SLICEUPLOAD
and X-TMP-FILE
with the valid path of the file to append malicious code or data.
A remote unauthenticated attacker may be able to execute arbitrary code on the system under root privileges.
Apply an Update
Synology has advised users to upgrade to the latest version of DiskStation Manager (DSM).
For Synology products released in 2008 (x08 series), DSM4.0-2259 has been released to address this issue.
For Synology products released after 2009, DSM4.2-3243 has been released to address this issue for DSM4.2 users. DSM4.3-3810 Update 1 has been released to address this issue for DSM4.3 users.
615910
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: November 08, 2013 Updated: December 19, 2013
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Temporal | 7.8 | E:POC/RL:OF/RC:C |
Environmental | 2.0 | CDP:L/TD:L/CR:ND/IR:ND/AR:ND |
Thanks to Markus Wulftange for reporting this vulnerability.
This document was written by Todd Lewellen.
CVE IDs: | CVE-2013-6955 |
---|---|
Date Public: | 2014-01-07 Date First Published: |