PT-2023-16031 · Synology · Synology Diskstation Manager

Chanyoung So · Published 2023-06-13 · Updated 2025-01-14 · CVE-2023-0142

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Synology DiskStation Manager (DSM) versions 6.2.4-25556-7 and earlier, 7.0.1-42218-6 and earlier

Synology DiskStation Manager (DSM) version 7.1-42660 and earlier

Description

The issue allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors. This is due to an uncontrolled search path element vulnerability in the Backup Management functionality.

Recommendations

For Synology DiskStation Manager (DSM) versions 6.2.4-25556-7 and earlier, update to version 6.2.4-25556-8 or later.

For Synology DiskStation Manager (DSM) versions 7.0.1-42218-6 and earlier, update to version 7.0.1-42218-7 or later.

For Synology DiskStation Manager (DSM) version 7.1-42660 and earlier, update to version 7.1-42661 or later.

Fix

Uncontrolled Search Path Element

Weakness Enumeration

Related Identifiers

CVE-2023-0142

Affected Products

Synology Diskstation Manager