Lucene search

SynologyCVE-2022-43748

HistoryOct 26, 2022 - 10:15 a.m.

CVE-2022-43748

2022-10-2610:15:17

CWE-22

synology

web.nvd.nist.gov

cve-2022-43748

path traversal

synology presto file server

vulnerability

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

40.8%

JSON

Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors.

Affected configurations

Nvd

Node

synologypresto_file_serverRange<2.1.2-1601

VendorProductVersionCPE
synologypresto_file_server*cpe:2.3:a:synology:presto_file_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
synology	presto_file_server	*	cpe:2.3:a:synology:presto_file_server::::::::

CNA Affected

[
  {
    "vendor": "Synology",
    "product": "Presto File Server",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "2.1.2-1601",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

www.synology.com/security/advisory/Synology_SA_22_19

Social References

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

40.8%

JSON

Related for CVE-2022-43748