Lucene search

SynologyCVE-2021-26563

HistoryFeb 26, 2021 - 10:15 p.m.

CVE-2021-26563

2021-02-2622:15:20

CWE-863

synology

web.nvd.nist.gov

cve-2021-26563

incorrect authorization

synoagentregisterd

synology diskstation manager

dsm

arbitrary code execution

local users

vulnerability

nvd

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

5.1%

JSON

Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.

Affected configurations

Nvd

Node

synologydiskstation_managerRange<6.2.4-25553

Node

synologyvs960hd_firmwareMatch-

AND

synologyvs960hdMatch-

Node

synologyskynas_firmwareMatch-

AND

synologyskynasMatch-

Node

synologydiskstation_manager_unified_controllerMatch3.0

AND

synologyuc3200Match-

VendorProductVersionCPE
synologydiskstation_manager*cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*:*
synologyvs960hd_firmware-cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*
synologyvs960hd-cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*
synologyskynas_firmware-cpe:2.3:o:synology:skynas_firmware:-:*:*:*:*:*:*:*
synologyskynas-cpe:2.3:h:synology:skynas:-:*:*:*:*:*:*:*
synologydiskstation_manager_unified_controller3.0cpe:2.3:o:synology:diskstation_manager_unified_controller:3.0:*:*:*:*:*:*:*
synologyuc3200-cpe:2.3:h:synology:uc3200:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
synology	diskstation_manager	*	cpe:2.3:a:synology:diskstation_manager::::::::
synology	vs960hd_firmware	-	cpe:2.3:o:synology:vs960hd_firmware:-:::::::*
synology	vs960hd	-	cpe:2.3:h:synology:vs960hd:-:::::::*
synology	skynas_firmware	-	cpe:2.3:o:synology:skynas_firmware:-:::::::*
synology	skynas	-	cpe:2.3:h:synology:skynas:-:::::::*
synology	diskstation_manager_unified_controller	3.0	cpe:2.3:o:synology:diskstation_manager_unified_controller:3.0:::::::*
synology	uc3200	-	cpe:2.3:h:synology:uc3200:-:::::::*

CNA Affected

[
  {
    "product": "DiskStation Manager (DSM)",
    "vendor": "Synology",
    "versions": [
      {
        "lessThan": "6.2.4-25553",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.synology.com/security/advisory/Synology_SA_21_03

www.talosintelligence.com/vulnerability_reports/TALOS-2020-1158

Social References

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2021-26563