Lucene search

SynologyCVELIST:CVE-2022-43749

HistoryOct 26, 2022 - 10:05 a.m.

CVE-2022-43749

2022-10-2610:05:08

CWE-269

synology

www.cve.org

cve-2022-43749

privilege management

summary report

synology presto file server

remote authenticated users

security constraint

bypass vulnerability

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

29.6%

JSON

Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors.

CNA Affected

[
  {
    "vendor": "Synology",
    "product": "Presto File Server",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "2.1.2-1601",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

www.synology.com/security/advisory/Synology_SA_22_19

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

29.6%

JSON

Related for CVELIST:CVE-2022-43749