Vulnerabilites related to synology - hd6500
Vulnerability from fkie_nvd
Published
2022-10-20 06:15
Modified
2025-01-14 19:29
Summary
A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E661755F-1521-4315-9E32-615148BAEF78",
                     versionEndExcluding: "7.1.1-42962-2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:synology:ds3622xs\\+:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CBC3E0E3-868D-4A35-A87D-37E0C79A0702",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:synology:fs3410:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C86BD06-9795-4AF0-9D44-F66D2C555A08",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:synology:hd6500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B397D029-DBFA-477B-B2ED-CFC4C66821EB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.",
      },
      {
         lang: "es",
         value: "Se ha encontrado una vulnerabilidad relativa a la lectura fuera de límites en la funcionalidad session processing de Out-of-Band (OOB) Management. Esto permite a atacantes remotos obtener información confidencial por medio de vectores no especificados. Los siguientes modelos con Synology DiskStation Manager (DSM) versiones anteriores a 7.1.1-42962-2 pueden estar afectados: DS3622xs+, FS3410 y HD6500",
      },
   ],
   id: "CVE-2022-3576",
   lastModified: "2025-01-14T19:29:55.853",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "security@synology.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-10-20T06:15:12.293",
   references: [
      {
         source: "security@synology.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.synology.com/security/advisory/Synology_SA_22_17",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.synology.com/security/advisory/Synology_SA_22_17",
      },
   ],
   sourceIdentifier: "security@synology.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "security@synology.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-10-20 06:15
Modified
2025-01-14 19:29
Summary
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E661755F-1521-4315-9E32-615148BAEF78",
                     versionEndExcluding: "7.1.1-42962-2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:synology:ds3622xs\\+:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CBC3E0E3-868D-4A35-A87D-37E0C79A0702",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:synology:fs3410:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C86BD06-9795-4AF0-9D44-F66D2C555A08",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:synology:hd6500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B397D029-DBFA-477B-B2ED-CFC4C66821EB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.",
      },
      {
         lang: "es",
         value: "Se ha encontrado una vulnerabilidad relativa a la restricción inapropiada de operaciones dentro de los límites de un búfer de memoria en la funcionalidad message processing de Out-of-Band (OOB) Management. Esto permite a atacantes remotos ejecutar comandos arbitrarios por medio de vectores no especificados. Los siguientes modelos con Synology DiskStation Manager (DSM) versiones anteriores a 7.1.1-42962-2 pueden estar afectados: DS3622xs+, FS3410 y HD6500",
      },
   ],
   id: "CVE-2022-27625",
   lastModified: "2025-01-14T19:29:55.853",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 10,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 6,
            source: "security@synology.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-10-20T06:15:11.360",
   references: [
      {
         source: "security@synology.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.synology.com/security/advisory/Synology_SA_22_17",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.synology.com/security/advisory/Synology_SA_22_17",
      },
   ],
   sourceIdentifier: "security@synology.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "security@synology.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-10-20 06:15
Modified
2025-01-14 19:29
Summary
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E661755F-1521-4315-9E32-615148BAEF78",
                     versionEndExcluding: "7.1.1-42962-2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:synology:ds3622xs\\+:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CBC3E0E3-868D-4A35-A87D-37E0C79A0702",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:synology:fs3410:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C86BD06-9795-4AF0-9D44-F66D2C555A08",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:synology:hd6500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B397D029-DBFA-477B-B2ED-CFC4C66821EB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.",
      },
      {
         lang: "es",
         value: "Se ha encontrado una vulnerabilidad relativa a la restricción inapropiada de operaciones dentro de los límites de un búfer de memoria en la funcionalidad de  Out-of-Band (OOB) Management. Esto permite a atacantes remotos ejecutar comandos arbitrarios por medio de vectores no especificados. Los siguientes modelos con Synology DiskStation Manager (DSM) versiones anteriores a 7.1.1-42962-2 pueden estar afectados: DS3622xs+, FS3410 y HD6500",
      },
   ],
   id: "CVE-2022-27624",
   lastModified: "2025-01-14T19:29:55.853",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 10,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 6,
            source: "security@synology.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-10-20T06:15:09.620",
   references: [
      {
         source: "security@synology.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.synology.com/security/advisory/Synology_SA_22_17",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.synology.com/security/advisory/Synology_SA_22_17",
      },
   ],
   sourceIdentifier: "security@synology.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "security@synology.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-10-20 06:15
Modified
2025-01-14 19:29
Summary
A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E661755F-1521-4315-9E32-615148BAEF78",
                     versionEndExcluding: "7.1.1-42962-2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:synology:ds3622xs\\+:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CBC3E0E3-868D-4A35-A87D-37E0C79A0702",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:synology:fs3410:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C86BD06-9795-4AF0-9D44-F66D2C555A08",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:synology:hd6500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B397D029-DBFA-477B-B2ED-CFC4C66821EB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.",
      },
      {
         lang: "es",
         value: "Se ha detectado una vulnerabilidad relativa a la ejecución concurrente usando recursos compartidos con una sincronización inapropiada (\"Condición de Carrera\") en la funcionalidad session processing de Out-of-Band (OOB) Management. Esto permite a atacantes remotos ejecutar comandos arbitrarios por medio de vectores no especificados. Los siguientes modelos con Synology DiskStation Manager (DSM) versiones anteriores a 7.1.1-42962-2 pueden estar afectados: DS3622xs+, FS3410 y HD6500",
      },
   ],
   id: "CVE-2022-27626",
   lastModified: "2025-01-14T19:29:55.853",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 10,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 6,
            source: "security@synology.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-10-20T06:15:11.857",
   references: [
      {
         source: "security@synology.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.synology.com/security/advisory/Synology_SA_22_17",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.synology.com/security/advisory/Synology_SA_22_17",
      },
   ],
   sourceIdentifier: "security@synology.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-362",
            },
         ],
         source: "security@synology.com",
         type: "Primary",
      },
   ],
}

cve-2022-27625
Vulnerability from cvelistv5
Published
2022-10-20 05:50
Modified
2024-09-17 04:09
Severity ?
Summary
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
Impacted products
Vendor Product Version
Synology DiskStation Manager (DSM) Version: unspecified   < 7.1.1-42962-2
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T05:32:59.822Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.synology.com/security/advisory/Synology_SA_22_17",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "DiskStation Manager (DSM)",
               vendor: "Synology",
               versions: [
                  {
                     lessThan: "7.1.1-42962-2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2022-10-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-119",
                     description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-10-20T00:00:00",
            orgId: "db201096-a0cc-46c7-9a55-61d9e221bf01",
            shortName: "synology",
         },
         references: [
            {
               url: "https://www.synology.com/security/advisory/Synology_SA_22_17",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "db201096-a0cc-46c7-9a55-61d9e221bf01",
      assignerShortName: "synology",
      cveId: "CVE-2022-27625",
      datePublished: "2022-10-20T05:50:14.818052Z",
      dateReserved: "2022-03-21T00:00:00",
      dateUpdated: "2024-09-17T04:09:49.703Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-27626
Vulnerability from cvelistv5
Published
2022-10-20 05:50
Modified
2024-09-16 23:25
Severity ?
Summary
A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
Impacted products
Vendor Product Version
Synology DiskStation Manager (DSM) Version: unspecified   < 7.1.1-42962-2
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T05:32:59.212Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.synology.com/security/advisory/Synology_SA_22_17",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "DiskStation Manager (DSM)",
               vendor: "Synology",
               versions: [
                  {
                     lessThan: "7.1.1-42962-2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2022-10-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-362",
                     description: "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-10-20T00:00:00",
            orgId: "db201096-a0cc-46c7-9a55-61d9e221bf01",
            shortName: "synology",
         },
         references: [
            {
               url: "https://www.synology.com/security/advisory/Synology_SA_22_17",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "db201096-a0cc-46c7-9a55-61d9e221bf01",
      assignerShortName: "synology",
      cveId: "CVE-2022-27626",
      datePublished: "2022-10-20T05:50:10.327694Z",
      dateReserved: "2022-03-21T00:00:00",
      dateUpdated: "2024-09-16T23:25:48.826Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-27624
Vulnerability from cvelistv5
Published
2022-10-20 05:50
Modified
2024-09-17 03:18
Severity ?
Summary
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
Impacted products
Vendor Product Version
Synology DiskStation Manager (DSM) Version: unspecified   < 7.1.1-42962-2
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T05:32:59.875Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.synology.com/security/advisory/Synology_SA_22_17",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "DiskStation Manager (DSM)",
               vendor: "Synology",
               versions: [
                  {
                     lessThan: "7.1.1-42962-2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2022-10-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-119",
                     description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-10-20T00:00:00",
            orgId: "db201096-a0cc-46c7-9a55-61d9e221bf01",
            shortName: "synology",
         },
         references: [
            {
               url: "https://www.synology.com/security/advisory/Synology_SA_22_17",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "db201096-a0cc-46c7-9a55-61d9e221bf01",
      assignerShortName: "synology",
      cveId: "CVE-2022-27624",
      datePublished: "2022-10-20T05:50:20.654212Z",
      dateReserved: "2022-03-21T00:00:00",
      dateUpdated: "2024-09-17T03:18:51.141Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-3576
Vulnerability from cvelistv5
Published
2022-10-20 05:50
Modified
2024-09-16 19:36
Summary
A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
Impacted products
Vendor Product Version
Synology DiskStation Manager (DSM) Version: unspecified   < 7.1.1-42962-2
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T01:14:02.548Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.synology.com/security/advisory/Synology_SA_22_17",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "DiskStation Manager (DSM)",
               vendor: "Synology",
               versions: [
                  {
                     lessThan: "7.1.1-42962-2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2022-10-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-125",
                     description: "CWE-125: Out-of-bounds Read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-10-20T00:00:00",
            orgId: "db201096-a0cc-46c7-9a55-61d9e221bf01",
            shortName: "synology",
         },
         references: [
            {
               url: "https://www.synology.com/security/advisory/Synology_SA_22_17",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "db201096-a0cc-46c7-9a55-61d9e221bf01",
      assignerShortName: "synology",
      cveId: "CVE-2022-3576",
      datePublished: "2022-10-20T05:50:24.922383Z",
      dateReserved: "2022-10-18T00:00:00",
      dateUpdated: "2024-09-16T19:36:43.491Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}