Synology-SA-19:42 Intel Processor Vulnerability

Publish Time: 2019-12-20 15:08:42 UTC+8

Last Updated: 2019-12-20 15:08:42 UTC+8

Severity
Moderate
Status
Accepted

Abstract

A vulnerability allows local users to conduct denial-of-service attacks, obtain sensitive information, or conduct privilege escalation attacks via a susceptible version of DiskStation Manager (DSM).

Affected Products

Product Severity Fixed Release Availability
DSM 6.2[1] Moderate Ongoing

[1] FS6400, RS3617RPxs, RS3617xs+, DS3617xs, DS3018xs, RS4017xs+, RS18017xs+, RS3618xs, FS1018, FS2017, RS1619xs+, SA3400, FS3400, UC3200, SA3600, FS3600, SA3200D

Mitigation

None

Detail

  • CVE-2019-14607
    • Severity: Moderate
    • CVSS3 Base Score: 5.3
    • CVSS3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
    • Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access.

Reference

Revision

Revision Date Description
1 2019-12-20 Initial public release.