Vulnerabilities related to synology - hd6500
Vulnerability from fkie_nvd
Published
2022-10-20 06:15
Modified
2025-01-14 19:29
Severity
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
Impacted products
Vendor | Product | Version
---|---|---
synology | diskstation_manager | *
synology | ds3622xs\+ | -
synology | fs3410 | -
synology | hd6500 | -
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E661755F-1521-4315-9E32-615148BAEF78", versionEndExcluding: "7.1.1-42962-2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:synology:ds3622xs\\+:-:*:*:*:*:*:*:*", matchCriteriaId: "CBC3E0E3-868D-4A35-A87D-37E0C79A0702", vulnerable: false, }, { criteria: "cpe:2.3:h:synology:fs3410:-:*:*:*:*:*:*:*", matchCriteriaId: "0C86BD06-9795-4AF0-9D44-F66D2C555A08", vulnerable: false, }, { criteria: "cpe:2.3:h:synology:hd6500:-:*:*:*:*:*:*:*", matchCriteriaId: "B397D029-DBFA-477B-B2ED-CFC4C66821EB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.", }, { lang: "es", value: "Se ha encontrado una vulnerabilidad relativa a la lectura fuera de límites en la funcionalidad session processing de Out-of-Band (OOB) Management. Esto permite a atacantes remotos obtener información confidencial por medio de vectores no especificados. 
Los siguientes modelos con Synology DiskStation Manager (DSM) versiones anteriores a 7.1.1-42962-2 pueden estar afectados: DS3622xs+, FS3410 y HD6500", }, ], id: "CVE-2022-3576", lastModified: "2025-01-14T19:29:55.853", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security@synology.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-20T06:15:12.293", references: [ { source: "security@synology.com", tags: [ "Vendor Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_22_17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_22_17", }, ], sourceIdentifier: "security@synology.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "security@synology.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-20 06:15
Modified
2025-01-14 19:29
Severity
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
Impacted products
Vendor | Product | Version
---|---|---
synology | diskstation_manager | *
synology | ds3622xs\+ | -
synology | fs3410 | -
synology | hd6500 | -
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E661755F-1521-4315-9E32-615148BAEF78", versionEndExcluding: "7.1.1-42962-2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:synology:ds3622xs\\+:-:*:*:*:*:*:*:*", matchCriteriaId: "CBC3E0E3-868D-4A35-A87D-37E0C79A0702", vulnerable: false, }, { criteria: "cpe:2.3:h:synology:fs3410:-:*:*:*:*:*:*:*", matchCriteriaId: "0C86BD06-9795-4AF0-9D44-F66D2C555A08", vulnerable: false, }, { criteria: "cpe:2.3:h:synology:hd6500:-:*:*:*:*:*:*:*", matchCriteriaId: "B397D029-DBFA-477B-B2ED-CFC4C66821EB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.", }, { lang: "es", value: "Se ha encontrado una vulnerabilidad relativa a la restricción inapropiada de operaciones dentro de los límites de un búfer de memoria en la funcionalidad message processing de Out-of-Band (OOB) Management. Esto permite a atacantes remotos ejecutar comandos arbitrarios por medio de vectores no especificados. 
Los siguientes modelos con Synology DiskStation Manager (DSM) versiones anteriores a 7.1.1-42962-2 pueden estar afectados: DS3622xs+, FS3410 y HD6500", }, ], id: "CVE-2022-27625", lastModified: "2025-01-14T19:29:55.853", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 6, source: "security@synology.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-20T06:15:11.360", references: [ { source: "security@synology.com", tags: [ "Vendor Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_22_17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_22_17", }, ], sourceIdentifier: "security@synology.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "security@synology.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-20 06:15
Modified
2025-01-14 19:29
Severity
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
Impacted products
Vendor | Product | Version
---|---|---
synology | diskstation_manager | *
synology | ds3622xs\+ | -
synology | fs3410 | -
synology | hd6500 | -
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E661755F-1521-4315-9E32-615148BAEF78", versionEndExcluding: "7.1.1-42962-2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:synology:ds3622xs\\+:-:*:*:*:*:*:*:*", matchCriteriaId: "CBC3E0E3-868D-4A35-A87D-37E0C79A0702", vulnerable: false, }, { criteria: "cpe:2.3:h:synology:fs3410:-:*:*:*:*:*:*:*", matchCriteriaId: "0C86BD06-9795-4AF0-9D44-F66D2C555A08", vulnerable: false, }, { criteria: "cpe:2.3:h:synology:hd6500:-:*:*:*:*:*:*:*", matchCriteriaId: "B397D029-DBFA-477B-B2ED-CFC4C66821EB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.", }, { lang: "es", value: "Se ha encontrado una vulnerabilidad relativa a la restricción inapropiada de operaciones dentro de los límites de un búfer de memoria en la funcionalidad de Out-of-Band (OOB) Management. Esto permite a atacantes remotos ejecutar comandos arbitrarios por medio de vectores no especificados. 
Los siguientes modelos con Synology DiskStation Manager (DSM) versiones anteriores a 7.1.1-42962-2 pueden estar afectados: DS3622xs+, FS3410 y HD6500", }, ], id: "CVE-2022-27624", lastModified: "2025-01-14T19:29:55.853", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 6, source: "security@synology.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-20T06:15:09.620", references: [ { source: "security@synology.com", tags: [ "Vendor Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_22_17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_22_17", }, ], sourceIdentifier: "security@synology.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "security@synology.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-20 06:15
Modified
2025-01-14 19:29
Severity
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
Impacted products
Vendor | Product | Version
---|---|---
synology | diskstation_manager | *
synology | ds3622xs\+ | -
synology | fs3410 | -
synology | hd6500 | -
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E661755F-1521-4315-9E32-615148BAEF78", versionEndExcluding: "7.1.1-42962-2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:synology:ds3622xs\\+:-:*:*:*:*:*:*:*", matchCriteriaId: "CBC3E0E3-868D-4A35-A87D-37E0C79A0702", vulnerable: false, }, { criteria: "cpe:2.3:h:synology:fs3410:-:*:*:*:*:*:*:*", matchCriteriaId: "0C86BD06-9795-4AF0-9D44-F66D2C555A08", vulnerable: false, }, { criteria: "cpe:2.3:h:synology:hd6500:-:*:*:*:*:*:*:*", matchCriteriaId: "B397D029-DBFA-477B-B2ED-CFC4C66821EB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.", }, { lang: "es", value: "Se ha detectado una vulnerabilidad relativa a la ejecución concurrente usando recursos compartidos con una sincronización inapropiada (\"Condición de Carrera\") en la funcionalidad session processing de Out-of-Band (OOB) Management. Esto permite a atacantes remotos ejecutar comandos arbitrarios por medio de vectores no especificados. 
Los siguientes modelos con Synology DiskStation Manager (DSM) versiones anteriores a 7.1.1-42962-2 pueden estar afectados: DS3622xs+, FS3410 y HD6500", }, ], id: "CVE-2022-27626", lastModified: "2025-01-14T19:29:55.853", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 6, source: "security@synology.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-20T06:15:11.857", references: [ { source: "security@synology.com", tags: [ "Vendor Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_22_17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_22_17", }, ], sourceIdentifier: "security@synology.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "security@synology.com", type: "Primary", }, ], }
cve-2022-27625
Vulnerability from cvelistv5
Published
2022-10-20 05:50
Modified
2024-09-17 04:09
Summary
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
Impacted products
Vendor | Product | Version
---|---|---
Synology | DiskStation Manager (DSM) | unspecified < 7.1.1-42962-2
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:32:59.822Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.synology.com/security/advisory/Synology_SA_22_17", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "DiskStation Manager (DSM)", vendor: "Synology", versions: [ { lessThan: "7.1.1-42962-2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2022-10-20T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-20T00:00:00", orgId: "db201096-a0cc-46c7-9a55-61d9e221bf01", shortName: "synology", }, references: [ { url: "https://www.synology.com/security/advisory/Synology_SA_22_17", }, ], }, }, cveMetadata: { assignerOrgId: "db201096-a0cc-46c7-9a55-61d9e221bf01", assignerShortName: "synology", cveId: "CVE-2022-27625", datePublished: "2022-10-20T05:50:14.818052Z", dateReserved: "2022-03-21T00:00:00", dateUpdated: 
"2024-09-17T04:09:49.703Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-27626
Vulnerability from cvelistv5
Published
2022-10-20 05:50
Modified
2024-09-16 23:25
Summary
A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
Impacted products
Vendor | Product | Version
---|---|---
Synology | DiskStation Manager (DSM) | unspecified < 7.1.1-42962-2
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:32:59.212Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.synology.com/security/advisory/Synology_SA_22_17", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "DiskStation Manager (DSM)", vendor: "Synology", versions: [ { lessThan: "7.1.1-42962-2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2022-10-20T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-362", description: "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-20T00:00:00", orgId: "db201096-a0cc-46c7-9a55-61d9e221bf01", shortName: "synology", }, references: [ { url: "https://www.synology.com/security/advisory/Synology_SA_22_17", }, ], }, }, cveMetadata: { assignerOrgId: "db201096-a0cc-46c7-9a55-61d9e221bf01", assignerShortName: "synology", cveId: "CVE-2022-27626", datePublished: "2022-10-20T05:50:10.327694Z", dateReserved: 
"2022-03-21T00:00:00", dateUpdated: "2024-09-16T23:25:48.826Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-27624
Vulnerability from cvelistv5
Published
2022-10-20 05:50
Modified
2024-09-17 03:18
Summary
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
Impacted products
Vendor | Product | Version
---|---|---
Synology | DiskStation Manager (DSM) | unspecified < 7.1.1-42962-2
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:32:59.875Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.synology.com/security/advisory/Synology_SA_22_17", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "DiskStation Manager (DSM)", vendor: "Synology", versions: [ { lessThan: "7.1.1-42962-2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2022-10-20T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-20T00:00:00", orgId: "db201096-a0cc-46c7-9a55-61d9e221bf01", shortName: "synology", }, references: [ { url: "https://www.synology.com/security/advisory/Synology_SA_22_17", }, ], }, }, cveMetadata: { assignerOrgId: "db201096-a0cc-46c7-9a55-61d9e221bf01", assignerShortName: "synology", cveId: "CVE-2022-27624", datePublished: "2022-10-20T05:50:20.654212Z", dateReserved: "2022-03-21T00:00:00", dateUpdated: 
"2024-09-17T03:18:51.141Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-3576
Vulnerability from cvelistv5
Published
2022-10-20 05:50
Modified
2024-09-16 19:36
Summary
A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
Impacted products
Vendor | Product | Version
---|---|---
Synology | DiskStation Manager (DSM) | unspecified < 7.1.1-42962-2
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:14:02.548Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.synology.com/security/advisory/Synology_SA_22_17", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "DiskStation Manager (DSM)", vendor: "Synology", versions: [ { lessThan: "7.1.1-42962-2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2022-10-20T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-20T00:00:00", orgId: "db201096-a0cc-46c7-9a55-61d9e221bf01", shortName: "synology", }, references: [ { url: "https://www.synology.com/security/advisory/Synology_SA_22_17", }, ], }, }, cveMetadata: { assignerOrgId: "db201096-a0cc-46c7-9a55-61d9e221bf01", assignerShortName: "synology", cveId: "CVE-2022-3576", datePublished: "2022-10-20T05:50:24.922383Z", dateReserved: "2022-10-18T00:00:00", dateUpdated: "2024-09-16T19:36:43.491Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }