CVE-2022-27624

2022-10-2006:15:09

CWE-119

[email protected]

web.nvd.nist.gov

vulnerability

memory buffer

restriction

oob management

remote code execution

synology diskstation manager

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

44.2%

JSON

A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.

Affected configurations

Nvd

Node

synologydiskstation_managerRange<7.1.1-42962-2

AND

synologyds3622xs\+Match-

synologyfs3410Match-

synologyhd6500Match-

VendorProductVersionCPE
synologydiskstation_manager*cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*:*
synologyds3622xs\+-cpe:2.3:h:synology:ds3622xs\+:-:*:*:*:*:*:*:*
synologyfs3410-cpe:2.3:h:synology:fs3410:-:*:*:*:*:*:*:*
synologyhd6500-cpe:2.3:h:synology:hd6500:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
synology	diskstation_manager	*	cpe:2.3:a:synology:diskstation_manager::::::::
synology	ds3622xs\+	-	cpe:2.3:h:synology:ds3622xs\+:-:::::::*
synology	fs3410	-	cpe:2.3:h:synology:fs3410:-:::::::*
synology	hd6500	-	cpe:2.3:h:synology:hd6500:-:::::::*