Synology-SA-21:03 DSM

Abstract

Multiple vulnerabilities allow remote attackers to obtain sensitive information or local users to execute arbitrary code via a susceptible version of DiskStation Manager (DSM).

Affected Products

Mitigation

None

Detail

• CVE-2021-26563

  • Severity: Important
  • CVSS3 Base Score: 8.2
  • CVSS3 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.

• CVE-2021-29088

  • Severity: Important
  • CVSS3 Base Score: 7.8
  • CVSS3 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.

• CVE-2022-22684

  • Severity: Important
  • CVSS3 Base Score: 7.2
  • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/MAV:L
  • Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote attackers to execute arbitrary commands via unspecified vectors.

• CVE-2021-33182

  • Severity: Moderate
  • CVSS3 Base Score: 5.0
  • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
  • Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to read limited files via unspecified vectors.

Acknowledgement

• Claudio Bozzato of Cisco Talos

• Bing-Jhong Jheng

• Qian Chen (@cq674350529) from Codesafe Team of Legendsec at Qi'anxin Group

Revision