Lucene search

[email protected]NVD:CVE-2022-43748

HistoryOct 26, 2022 - 10:15 a.m.

CVE-2022-43748

2022-10-2610:15:17

CWE-22

[email protected]

web.nvd.nist.gov

path traversal

synology presto file server

remote attackers

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

40.8%

JSON

Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors.

Affected configurations

Nvd

Node

synologypresto_file_serverRange<2.1.2-1601

VendorProductVersionCPE
synologypresto_file_server*cpe:2.3:a:synology:presto_file_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
synology	presto_file_server	*	cpe:2.3:a:synology:presto_file_server::::::::

References

www.synology.com/security/advisory/Synology_SA_22_19

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

40.8%

JSON

Related for NVD:CVE-2022-43748

prion1 cvelist1 cve1