Vulnerability announced that affects Synology’s Disk Station Manager (DSM) iSCSI management functionality: CVE-2022-27623
Multiple Synology CVEs:
CVE-2022-27622
CVE-2022-27623
CVE-2022-0194
CVE-2022-23121
CVE-2022-23122
CVE-2022-23123
CVE-2022-23124
CVE-2022-23125
CVE-2007-1858
CVE-2014-0351
Vulnerability details
Authentication vulnerability - allows remote attackers to read or write arbitrary files
Vulnerability type - Missing Authentication for Critical Function - MITRE ID CWE-306
Announced by Synology - October 25, 2022
Synology Security Advisory (for this particular vulnerability)
www.synology.c...
lists multiple affected Synology DSM versions
National Vulnerability Database details published October 25, 2022
nvd.nist.gov/v...
CVSSv3
NVD scores this vuln as Critical at 9.1
Synology scores this vuln as High at 7.4
Known Exploits
As of today, no known exploits exist specific to this CVE.
Exploit-db has exploits for other Synology DB CVEs, though, so this product is being targeted.
Solutions/Mitigations/Workarounds
Upgrade to DSM 7.1-42661 or above
No other mitigations or workarounds
Topics Discussed:
Synology Disk Station
Synology Vulnerabilities
Synology Exploits