Lucene search

SynologyCVELIST:CVE-2022-27623

HistoryOct 25, 2022 - 4:30 p.m.

CVE-2022-27623

2022-10-2516:30:49

CWE-306

synology

www.cve.org

synology

dsm

authentication

vulnerability

iscsi

management

files

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

46.8%

JSON

Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors.

CNA Affected

[
  {
    "vendor": "Synology",
    "product": "DiskStation Manager (DSM)",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "7.1-42661",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

www.synology.com/security/advisory/Synology_SA_22_18

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

46.8%

JSON

Related for CVELIST:CVE-2022-27623