History: Jun 13, 2023 - 6:52 a.m.

CVE-2023-0142

2023-06-13 06:52:50
synology
www.cve.org

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score: 7.8
Confidence: High

EPSS: 0.001
Percentile: 32.6%

Uncontrolled search path element vulnerability in Backup Management Functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to read or write arbitrary files via unspecified vectors.

CNA Affected

[
  {
    "vendor": "Synology",
    "product": "DiskStation Manager (DSM)",
    "versions": [
      {
        "version": "7.2",
        "status": "unaffected",
        "lessThan": "7.2.*",
        "versionType": "semver"
      },
      {
        "version": "7.1",
        "status": "affected",
        "lessThan": "7.1-42661",
        "versionType": "semver"
      },
      {
        "version": "7.0",
        "status": "affected",
        "lessThan": "7.0.*",
        "versionType": "semver"
      },
      {
        "version": "6.2",
        "status": "affected",
        "lessThan": "6.2.*",
        "versionType": "semver"
      },
      {
        "version": "0",
        "status": "unknown",
        "lessThan": "6.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "Synology",
    "product": "Unified Controller (DSMUC)",
    "versions": [
      {
        "version": "3.1",
        "status": "affected",
        "lessThan": "3.1.*",
        "versionType": "semver"
      },
      {
        "version": "0",
        "status": "unknown",
        "lessThan": "3.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "Synology",
    "product": "Synology Router Manager (SRM)",
    "versions": [
      {
        "version": "1.3",
        "status": "affected",
        "lessThan": "1.3.*",
        "versionType": "semver"
      },
      {
        "version": "1.2",
        "status": "affected",
        "lessThan": "1.2.*",
        "versionType": "semver"
      },
      {
        "version": "0",
        "status": "unknown",
        "lessThan": "1.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "affected"
  }
]
