Lucene search

SynologyCVELIST:CVE-2022-27624

HistoryOct 20, 2022 - 5:50 a.m.

CVE-2022-27624

2022-10-2005:50:20

CWE-119

synology

www.cve.org

vulnerability

oob management

packet decryption

remote attackers

arbitrary commands

synology diskstation manager

versions

affected

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

44.2%

JSON

A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.

CNA Affected

[
  {
    "vendor": "Synology",
    "product": "DiskStation Manager (DSM)",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "7.1.1-42962-2",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

www.synology.com/security/advisory/Synology_SA_22_17

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

44.2%

JSON

Related for CVELIST:CVE-2022-27624