Missing Authentication Vulnerability in Synology DiskStation Manager iSCSI Management
CVE-2022-27623

7.4HIGH

Key Information:

Vendor: Synology
Status: Diskstation Manager (dsm)
Vendor: CVE Published:; 25 October 2022

What is CVE-2022-27623?

A vulnerability in the iSCSI management functionality of Synology DiskStation Manager (DSM) versions prior to 7.1-42661 allows remote attackers to exploit missing authentication measures. This security oversight potentially grants unauthorized users the ability to read or write arbitrary files, leading to significant risks for data integrity and privacy. Users must ensure they are using the latest version of DSM to mitigate these vulnerabilities effectively.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

DiskStation Manager (DSM) < 7.1-42661

References

https://www.synology.com/security/advisory/Synology_SA_22_18

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 25, 2022
Vulnerability Reserved
Mar 21, 2022

JSON

Synology

What is CVE-2022-27623?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.