History: Oct 25, 2022 - 5:15 p.m.

CVE-2022-27623

2022-10-25 17:15:51
CWE-306
synology
web.nvd.nist.gov
38
cve-2022-27623
vulnerability
iscsi
synology diskstation manager
dsm
remote attack
file read
file write
nvd

CVSS3: 9.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score: 9.2
Confidence: High

EPSS: 0.001
Percentile: 46.8%

Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors.

Affected configurations

Nvd

Node: synology diskstation_manager, Range: <7.1-42661

Vendor: synology
Product: diskstation_manager
Version: *
CPE: cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Synology",
    "product": "DiskStation Manager (DSM)",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "7.1-42661",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]
