Synology DiskStation Manager (DSM) Multiple Samba Vulnerabilities (Synology-SA-22:10)

2022-11-1800:00:00

plugins.openvas.org

samba

vulnerabilities

cve-2022-2031

cve-2022-32742

cve-2022-32744

cve-2022-32746

synology dsm

smb service

synology directory server

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

Low

0.038 Low

EPSS

Percentile

91.9%

JSON

Synology DiskStation Manager (DSM) is prone to multiple
vulnerabilities in Samba.

# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:synology:diskstation_manager";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.170232");
  script_version("2024-03-15T05:06:15+0000");
  script_tag(name:"last_modification", value:"2024-03-15 05:06:15 +0000 (Fri, 15 Mar 2024)");
  script_tag(name:"creation_date", value:"2022-11-18 13:30:55 +0000 (Fri, 18 Nov 2022)");
  script_tag(name:"cvss_base", value:"9.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2022-08-29 18:09:00 +0000 (Mon, 29 Aug 2022)");

  script_cve_id("CVE-2022-2031", "CVE-2022-32742", "CVE-2022-32744", "CVE-2022-32746");

  # nb: Seems that the affected component needs to be update separately
  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Synology DiskStation Manager (DSM) Multiple Samba Vulnerabilities (Synology-SA-22:10)");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2022 Greenbone AG");
  script_family("General");
  script_dependencies("gb_synology_dsm_consolidation.nasl");
  script_mandatory_keys("synology/dsm/detected");

  script_tag(name:"summary", value:"Synology DiskStation Manager (DSM) is prone to multiple
  vulnerabilities in Samba.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The following flaws exist:

  - CVE-2022-2031: Samba AD users can bypass certain restrictions associated with changing passwords.

  - CVE-2022-32742: Server memory information leak via SMB1

  - CVE-2022-32744: By encrypting forged kpasswd requests with its own key, a user can change other
  users' passwords, enabling full domain takeover.

  - CVE-2022-32746: Samba AD users can induce a use-after-free in the server process with an LDAP
  add or modify request.");

  script_tag(name:"affected", value:"Synology DSM versions 6.2.x.");

  script_tag(name:"solution", value:"- Update SMB Service to version 4.15.13-0781 or later

  - Update Synology Directory Server to version 4.15.13-0615 or later

  Please see the referenced vendor advisory for further information.");

  script_xref(name:"URL", value:"https://www.synology.com/en-global/security/advisory/Synology_SA_22_10");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (!version = get_app_version(cpe: CPE, nofork: TRUE))
  exit(0);

# nb: Advisory only marks DSM 6.2 as affected
if (version =~ "^6\.2") {
  report = report_fixed_ver(installed_version: version, fixed_version: "See advisory");
  security_message(port: 0, data: report);
  exit(0);
}

exit(99);