Synology-SA-21:29 Samba

Publish Time: 2021-11-17 16:39:06 UTC+8

Last Updated: 2021-11-17 16:39:06 UTC+8

Severity: Important

Status: Ongoing

Abstract

CVE-2016-2124 and CVE-2020-25717 allow remote authenticated users and man-in-the-middle attackers to obtain sensitive information and bypass security constraints via a susceptible version of Synology DiskStation Manager (DSM), Synology Router Manager (SRM) and SMB Service.

CVE-2020-25718, CVE-2020-25719, CVE-2020-25721, CVE-2020-25722, CVE-2021-3738 and CVE-2021-23192 allow remote authenticated users and man-in-the-middle attackers to bypass security constraints and conduct denial-of-service attacks via a susceptible version of Synology Directory Server.

Affected Products

Product | Severity | Fixed Release Availability
DSM 6.2 | Important | Ongoing
SRM 1.2 | Important | Ongoing
SMB Service | Important | Ongoing
Synology Directory Server | Important | Ongoing

Mitigation

None

Detail

Reserved

Reference

Revision

Revision | Date | Description
1 | 2021-11-17 | Initial public release.