cvelistv5 - cve-2021-26563

CVE-2021-26563 (GCVE-0-2021-26563)

Vulnerability from cvelistv5 – Published: 2021-02-26 21:45 – Updated: 2024-09-16 16:23

Summary

Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.

Severity ?

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-863 - Incorrect Authorization

Assigner

synology

References

URL

Tags

	https://www.talosintelligence.com/vulnerability_r…	x_refsource_MISC
	https://www.synology.com/security/advisory/Synolo…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Synology	DiskStation Manager (DSM)	Affected: unspecified , < 6.2.4-25553 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:25.477Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1158"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_21_03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DiskStation Manager (DSM)",
          "vendor": "Synology",
          "versions": [
            {
              "lessThan": "6.2.4-25553",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-06-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-18T10:18:29",
        "orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
        "shortName": "synology"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1158"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_21_03"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@synology.com",
          "DATE_PUBLIC": "2021-06-17T07:07:06.548759",
          "ID": "CVE-2021-26563",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "DiskStation Manager (DSM)",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "6.2.4-25553"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Synology"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "8.2",
            "vectorString": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-863: Incorrect Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1158",
              "refsource": "MISC",
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1158"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_21_03",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_21_03"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
    "assignerShortName": "synology",
    "cveId": "CVE-2021-26563",
    "datePublished": "2021-02-26T21:45:33.039881Z",
    "dateReserved": "2021-02-02T00:00:00",
    "dateUpdated": "2024-09-16T16:23:45.140Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.2.4-25553\", \"matchCriteriaId\": \"BFE49AB6-9DA4-40BA-8096-F111FC5A7696\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D0C5120-B961-440F-B454-584BC54B549C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1CCBDFF9-AF42-4681-879B-CF789EBAD130\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:synology:skynas_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"53EF087B-D7E9-4F9A-803A-B0260C495C67\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:synology:skynas:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0A88A76-CF8A-4D29-B480-E5317219072D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:synology:diskstation_manager_unified_controller:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B04366E-B5F8-4835-B1FB-106AFD3D3785\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:synology:uc3200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1100D972-198E-45F9-8F04-763F6FE88377\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de autorizaci\\u00f3n incorrecta en synoagentregisterd en Synology DiskStation Manager (DSM) antes de 6.2.4-25553 permite a los usuarios locales ejecutar c\\u00f3digo arbitrario a trav\\u00e9s de vectores no especificados\"}]",
      "id": "CVE-2021-26563",
      "lastModified": "2024-11-21T05:56:29.403",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@synology.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 8.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.5, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-02-26T22:15:20.143",
      "references": "[{\"url\": \"https://www.synology.com/security/advisory/Synology_SA_21_03\", \"source\": \"security@synology.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1158\", \"source\": \"security@synology.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.synology.com/security/advisory/Synology_SA_21_03\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1158\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "security@synology.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@synology.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-863\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-863\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-26563\",\"sourceIdentifier\":\"security@synology.com\",\"published\":\"2021-02-26T22:15:20.143\",\"lastModified\":\"2025-01-14T19:29:55.853\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de autorizaci\u00f3n incorrecta en synoagentregisterd en Synology DiskStation Manager (DSM) antes de 6.2.4-25553 permite a los usuarios locales ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@synology.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.5,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@synology.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.2.4-25553\",\"matchCriteriaId\":\"A6EC7AE5-71BB-409F-B4CA-3EAFBF30ABC3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D0C5120-B961-440F-B454-584BC54B549C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CCBDFF9-AF42-4681-879B-CF789EBAD130\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:synology:skynas_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53EF087B-D7E9-4F9A-803A-B0260C495C67\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:synology:skynas:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0A88A76-CF8A-4D29-B480-E5317219072D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:synology:diskstation_manager_unified_controller:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B04366E-B5F8-4835-B1FB-106AFD3D3785\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:synology:uc3200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1100D972-198E-45F9-8F04-763F6FE88377\"}]}]}],\"references\":[{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_21_03\",\"source\":\"security@synology.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1158\",\"source\":\"security@synology.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_21_03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1158\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}

FKIE_CVE-2021-26563

Vulnerability from fkie_nvd - Published: 2021-02-26 22:15 - Updated: 2025-01-14 19:29

Severity ?

8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.

References

URL	Tags
security@synology.com	https://www.synology.com/security/advisory/Synology_SA_21_03	Vendor Advisory
security@synology.com	https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1158	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.synology.com/security/advisory/Synology_SA_21_03	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1158	Exploit, Third Party Advisory

Impacted products

Vendor	Product	Version
synology	diskstation_manager	*
synology	vs960hd_firmware	-
synology	vs960hd	-
synology	skynas_firmware	-
synology	skynas	-
synology	diskstation_manager_unified_controller	3.0
synology	uc3200	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6EC7AE5-71BB-409F-B4CA-3EAFBF30ABC3",
              "versionEndExcluding": "6.2.4-25553",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D0C5120-B961-440F-B454-584BC54B549C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CCBDFF9-AF42-4681-879B-CF789EBAD130",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:synology:skynas_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "53EF087B-D7E9-4F9A-803A-B0260C495C67",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:synology:skynas:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0A88A76-CF8A-4D29-B480-E5317219072D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:synology:diskstation_manager_unified_controller:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B04366E-B5F8-4835-B1FB-106AFD3D3785",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:synology:uc3200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1100D972-198E-45F9-8F04-763F6FE88377",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de autorizaci\u00f3n incorrecta en synoagentregisterd en Synology DiskStation Manager (DSM) antes de 6.2.4-25553 permite a los usuarios locales ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados"
    }
  ],
  "id": "CVE-2021-26563",
  "lastModified": "2025-01-14T19:29:55.853",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 6.0,
        "source": "security@synology.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-26T22:15:20.143",
  "references": [
    {
      "source": "security@synology.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.synology.com/security/advisory/Synology_SA_21_03"
    },
    {
      "source": "security@synology.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1158"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.synology.com/security/advisory/Synology_SA_21_03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1158"
    }
  ],
  "sourceIdentifier": "security@synology.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "security@synology.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

GHSA-PPQ5-6H29-8HM2

Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2022-05-24 17:43

Details

Improper access control vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows local users to obtain sensitive information via a crafted kernel module.

Severity ?

6.7 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-26563"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-26T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Improper access control vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows local users to obtain sensitive information via a crafted kernel module.",
  "id": "GHSA-ppq5-6h29-8hm2",
  "modified": "2022-05-24T17:43:19Z",
  "published": "2022-05-24T17:43:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26563"
    },
    {
      "type": "WEB",
      "url": "https://www.synology.com/security/advisory/Synology_SA_20_26"
    },
    {
      "type": "WEB",
      "url": "https://www.synology.com/security/advisory/Synology_SA_21_03"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1158"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2021-13677

Vulnerability from cnvd - Published: 2021-03-01

Title

Synology DiskStation Manager不当访问控制漏洞

Description

Synology DiskStation Manager（DSM）是中国台湾群晖科技（Synology）公司的一套用于网络储存服务器（NAS）上的操作系统。该操作系统可管理资料、文件、照片、音乐等信息。 Synology DiskStation Manager 6.2.3-25426-3之前版本中的synoagentregisterd存在不当访问控制漏洞。攻击者利用该漏洞通过特制内核模块获取敏感信息。

Severity

高

Patch Name

Synology DiskStation Manager不当访问控制漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.synology.com/en-global/security/advisory/Synology_SA_20_26

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-26563

Impacted products

Name
Synology DiskStation Manager <6.2.3-25426-3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-26563",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-26563"
    }
  },
  "description": "Synology DiskStation Manager\uff08DSM\uff09\u662f\u4e2d\u56fd\u53f0\u6e7e\u7fa4\u6656\u79d1\u6280\uff08Synology\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u7f51\u7edc\u50a8\u5b58\u670d\u52a1\u5668\uff08NAS\uff09\u4e0a\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\u8be5\u64cd\u4f5c\u7cfb\u7edf\u53ef\u7ba1\u7406\u8d44\u6599\u3001\u6587\u4ef6\u3001\u7167\u7247\u3001\u97f3\u4e50\u7b49\u4fe1\u606f\u3002\n\nSynology DiskStation Manager 6.2.3-25426-3\u4e4b\u524d\u7248\u672c\u4e2d\u7684synoagentregisterd\u5b58\u5728\u4e0d\u5f53\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7279\u5236\u5185\u6838\u6a21\u5757\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.synology.com/en-global/security/advisory/Synology_SA_20_26",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-13677",
  "openTime": "2021-03-01",
  "patchDescription": "Synology DiskStation Manager\uff08DSM\uff09\u662f\u4e2d\u56fd\u53f0\u6e7e\u7fa4\u6656\u79d1\u6280\uff08Synology\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u7f51\u7edc\u50a8\u5b58\u670d\u52a1\u5668\uff08NAS\uff09\u4e0a\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\u8be5\u64cd\u4f5c\u7cfb\u7edf\u53ef\u7ba1\u7406\u8d44\u6599\u3001\u6587\u4ef6\u3001\u7167\u7247\u3001\u97f3\u4e50\u7b49\u4fe1\u606f\u3002\r\n\r\nSynology DiskStation Manager 6.2.3-25426-3\u4e4b\u524d\u7248\u672c\u4e2d\u7684synoagentregisterd\u5b58\u5728\u4e0d\u5f53\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7279\u5236\u5185\u6838\u6a21\u5757\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Synology DiskStation Manager\u4e0d\u5f53\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Synology DiskStation Manager \u003c6.2.3-25426-3"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-26563",
  "serverity": "\u9ad8",
  "submitTime": "2021-03-01",
  "title": "Synology DiskStation Manager\u4e0d\u5f53\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e"
}

VAR-202102-1279

Vulnerability from variot - Updated: 2023-12-18 11:26

Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. Synology DiskStation Manager (DSM) Contains an improper authentication vulnerability.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202102-1279",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "skynas",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "synology",
        "version": null
      },
      {
        "model": "vs960hd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "synology",
        "version": null
      },
      {
        "model": "diskstation manager unified controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "synology",
        "version": "3.0"
      },
      {
        "model": "diskstation manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "synology",
        "version": "6.2.4-25553"
      },
      {
        "model": "diskstation manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "synology",
        "version": null
      },
      {
        "model": "diskstation manager unified controller",
        "scope": null,
        "trust": 0.8,
        "vendor": "synology",
        "version": null
      },
      {
        "model": "skynas",
        "scope": null,
        "trust": 0.8,
        "vendor": "synology",
        "version": null
      },
      {
        "model": "vs960hd",
        "scope": null,
        "trust": 0.8,
        "vendor": "synology",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004177"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-26563"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.4-25553",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:synology:skynas_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:skynas:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:synology:diskstation_manager_unified_controller:3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:uc3200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-26563"
      }
    ]
  },
  "cve": "CVE-2021-26563",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2021-26563",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-385704",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "security@synology.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.5,
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-26563",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-26563",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "security@synology.com",
            "id": "CVE-2021-26563",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202102-1707",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-385704",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-385704"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004177"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-26563"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-26563"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1707"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. Synology DiskStation Manager (DSM) Contains an improper authentication vulnerability.Information may be obtained. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-26563"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004177"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-385704"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-26563",
        "trust": 2.5
      },
      {
        "db": "TALOS",
        "id": "TALOS-2020-1158",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004177",
        "trust": 0.8
      },
      {
        "db": "CS-HELP",
        "id": "SB2021042002",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1707",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-385704",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-385704"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004177"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-26563"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1707"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "id": "VAR-202102-1279",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-385704"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:26:26.158000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Synology-SA-21",
        "trust": 0.8,
        "url": "https://www.synology.com/ja-jp/security/advisory/synology_sa_21_03"
      },
      {
        "title": "Synology DiskStation Manager Fixes for access control error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=143559"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004177"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1707"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-863",
        "trust": 1.1
      },
      {
        "problemtype": "Bad authentication (CWE-863) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-385704"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004177"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-26563"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.synology.com/security/advisory/synology_sa_21_03"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26563"
      },
      {
        "trust": 1.1,
        "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2020-1158"
      },
      {
        "trust": 0.6,
        "url": "https://talosintelligence.com/vulnerability_reports/talos-2020-1158"
      },
      {
        "trust": 0.6,
        "url": "https://www.synology.com/security/advisory/synology_sa_20_26"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021042002"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-385704"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004177"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-26563"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1707"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-385704"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004177"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-26563"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1707"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-385704"
      },
      {
        "date": "2021-11-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-004177"
      },
      {
        "date": "2021-02-26T22:15:20.143000",
        "db": "NVD",
        "id": "CVE-2021-26563"
      },
      {
        "date": "2021-02-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-1707"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-04-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-385704"
      },
      {
        "date": "2021-11-16T06:39:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-004177"
      },
      {
        "date": "2022-04-26T13:45:17.027000",
        "db": "NVD",
        "id": "CVE-2021-26563"
      },
      {
        "date": "2022-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-1707"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1707"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Synology\u00a0DiskStation\u00a0Manager\u00a0 Authentication Vulnerability in Microsoft",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004177"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access control error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1707"
      }
    ],
    "trust": 0.6
  }
}

GSD-2021-26563

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.

Aliases

CVE-2021-26563

Aliases

CVE-2021-26563

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-26563",
    "description": "Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.",
    "id": "GSD-2021-26563"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-26563"
      ],
      "details": "Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.",
      "id": "GSD-2021-26563",
      "modified": "2023-12-13T01:23:33.315278Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@synology.com",
        "DATE_PUBLIC": "2021-06-17T07:07:06.548759",
        "ID": "CVE-2021-26563",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "DiskStation Manager (DSM)",
                    "version": {
                      "version_data": [
                        {
                          "affected": "\u003c",
                          "version_value": "6.2.4-25553"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Synology"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": "8.2",
          "vectorString": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-863: Incorrect Authorization"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1158",
            "refsource": "MISC",
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1158"
          },
          {
            "name": "https://www.synology.com/security/advisory/Synology_SA_21_03",
            "refsource": "CONFIRM",
            "url": "https://www.synology.com/security/advisory/Synology_SA_21_03"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.4-25553",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:synology:skynas_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:skynas:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:synology:diskstation_manager_unified_controller:3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:uc3200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@synology.com",
          "ID": "CVE-2021-26563"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-863"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1158",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1158"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_21_03",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.synology.com/security/advisory/Synology_SA_21_03"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 0.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-04-26T13:45Z",
      "publishedDate": "2021-02-26T22:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-26563 (GCVE-0-2021-26563)

FKIE_CVE-2021-26563

GHSA-PPQ5-6H29-8HM2

CNVD-2021-13677

VAR-202102-1279

GSD-2021-26563

Tags

Sightings

Nomenclature