Skip to main content

Diskstation Manager Unified Controller CVE-2023-2729

HIGH
2023-06-13 security@synology.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 13, 2023 - 08:15 nvd
HIGH 7.5

DescriptionNVD

Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors.

AnalysisAI

Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors. Affected products include: Synology Diskstation Manager Unified Controller, Synology Router Manager, Synology Diskstation Manager. Version information: before 7.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-3156 HIGH POC
7.8 Jan 26

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege

CVE-2021-26566 CRITICAL POC
9.0 Feb 26

Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) befo

CVE-2021-26564 HIGH POC
8.7 Feb 26

Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before

CVE-2021-26562 HIGH POC
8.1 Feb 26

Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allow

CVE-2021-26561 HIGH POC
8.1 Feb 26

Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426

CVE-2021-26560 HIGH POC
7.4 Feb 26

Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM

CVE-2021-26563 MEDIUM POC
6.7 Feb 26

Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 all

CVE-2021-26565 MEDIUM POC
5.9 Feb 26

Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before

CVE-2022-22687 CRITICAL
9.8 Mar 25

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in

CVE-2021-27649 CRITICAL
9.8 Jun 23

Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-2542

CVE-2024-45538 CRITICAL
9.6 Dec 04

Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-6

CVE-2023-0142 HIGH
8.1 Jun 13

Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM)

Share

CVE-2023-2729 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy