Synology-SA-20:21 Zerologon
Publish Time: 2020-09-17 17:05:34 UTC+8
Last Updated: 2020-09-17 19:38:24 UTC+8
- Severity: Critical
- Status: Resolved
Abstract
A vulnerability allows remote attackers to bypass security constraints via a susceptible version of Synology Directory Server.
Affected Products
Product | Severity | Fixed Release Availability |
---|---|---|
Synology Directory Server | Critical | Upgrade to 4.4.5-0101 or above. |
Mitigation
If you need immediate assistance, please contact Synology technical support via https://account.synology.com/support.
Detail
- CVE-2020-1472
- Severity: Critical
- CVSS3 Base Score: 10.0
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.
Reference
Revision
Revision | Date | Description |
---|---|---|
1 | 2020-09-17 | Initial public release. |
2 | 2020-09-17 | Update for Synology Directory Server is now available in Affected Products. |