History: Jun 13, 2023 - 7:15 a.m.

CVE-2023-0142

2023-06-13 07:15:46
synology
web.nvd.nist.gov
26
cve-2023-0142
uncontrolled search path
synology diskstation manager
dsm
backup management
vulnerability
nvd

CVSS3: 8.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score: 7.5
Confidence: High

EPSS: 0.001
Percentile: 32.6%

Uncontrolled search path element vulnerability in Backup Management Functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to read or write arbitrary files via unspecified vectors.

Affected configurations

Nvd

Node
synology | diskstation_manager | Range | 6.2 to 7.1-42661
OR
synology | diskstation_manager_unified_controller | Match | 3.1
OR
synology | router_manager | Range | 1.2 to 1.3.1-9346
OR
synology | router_manager | Match | 1.3.1-9346
OR
synology | router_manager | Match | 1.3.1-9346 update_1
OR
synology | router_manager | Match | 1.3.1-9346 update_2
OR
synology | router_manager | Match | 1.3.1-9346 update_3
OR
synology | router_manager | Match | 1.3.1-9346 update_4
OR
synology | router_manager | Match | 1.3.1-9346 update_5

Vendor | Product | Version | CPE
synology | diskstation_manager | * | cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*:*
synology | diskstation_manager_unified_controller | 3.1 | cpe:2.3:a:synology:diskstation_manager_unified_controller:3.1:*:*:*:*:*:*:*
synology | router_manager | * | cpe:2.3:a:synology:router_manager:*:*:*:*:*:*:*:*
synology | router_manager | 1.3.1-9346 | cpe:2.3:a:synology:router_manager:1.3.1-9346:*:*:*:*:*:*:*
synology | router_manager | 1.3.1-9346 | cpe:2.3:a:synology:router_manager:1.3.1-9346:update_1:*:*:*:*:*:*
synology | router_manager | 1.3.1-9346 | cpe:2.3:a:synology:router_manager:1.3.1-9346:update_2:*:*:*:*:*:*
synology | router_manager | 1.3.1-9346 | cpe:2.3:a:synology:router_manager:1.3.1-9346:update_3:*:*:*:*:*:*
synology | router_manager | 1.3.1-9346 | cpe:2.3:a:synology:router_manager:1.3.1-9346:update_4:*:*:*:*:*:*
synology | router_manager | 1.3.1-9346 | cpe:2.3:a:synology:router_manager:1.3.1-9346:update_5:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Synology",
    "product": "DiskStation Manager (DSM)",
    "versions": [
      {
        "version": "7.2",
        "status": "unaffected",
        "lessThan": "7.2.*",
        "versionType": "semver"
      },
      {
        "version": "7.1",
        "status": "affected",
        "lessThan": "7.1-42661",
        "versionType": "semver"
      },
      {
        "version": "7.0",
        "status": "affected",
        "lessThan": "7.0.*",
        "versionType": "semver"
      },
      {
        "version": "6.2",
        "status": "affected",
        "lessThan": "6.2.*",
        "versionType": "semver"
      },
      {
        "version": "0",
        "status": "unknown",
        "lessThan": "6.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "Synology",
    "product": "Unified Controller (DSMUC)",
    "versions": [
      {
        "version": "3.1",
        "status": "affected",
        "lessThan": "3.1.*",
        "versionType": "semver"
      },
      {
        "version": "0",
        "status": "unknown",
        "lessThan": "3.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "Synology",
    "product": "Synology Router Manager (SRM)",
    "versions": [
      {
        "version": "1.3",
        "status": "affected",
        "lessThan": "1.3.*",
        "versionType": "semver"
      },
      {
        "version": "1.2",
        "status": "affected",
        "lessThan": "1.2.*",
        "versionType": "semver"
      },
      {
        "version": "0",
        "status": "unknown",
        "lessThan": "1.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "affected"
  }
]
