PT-2023-16031 · Synology · Synology Diskstation Manager

Chanyoung So · Published 2023-06-13 · Updated 2025-01-14 · CVE-2023-0142

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Synology DiskStation Manager (DSM) versions 6.2.4-25556-7 and earlier, 7.0.1-42218-6 and earlier
Synology DiskStation Manager (DSM) version 7.1-42660 and earlier

Description

The issue allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors. This is due to an uncontrolled search path element vulnerability in the Backup Management functionality.

Recommendations

For Synology DiskStation Manager (DSM) versions 6.2.4-25556-7 and earlier, update to version 6.2.4-25556-8 or later.
For Synology DiskStation Manager (DSM) versions 7.0.1-42218-6 and earlier, update to version 7.0.1-42218-7 or later.
For Synology DiskStation Manager (DSM) version 7.1-42660 and earlier, update to version 7.1-42661 or later.

Fix

Uncontrolled Search Path Element

Weakness Enumeration

Related Identifiers

CVE-2023-0142

Affected Products

Synology Diskstation Manager