Missing Authentication Vulnerability in Synology DiskStation Manager iSCSI Management
CVE-2022-27623

9.1CRITICAL

Key Information:

Vendor: Synology
Status: Diskstation Manager (dsm)
Vendor: CVE Published:; 25 October 2022

Summary

A vulnerability in the iSCSI management functionality of Synology DiskStation Manager (DSM) versions prior to 7.1-42661 allows remote attackers to exploit missing authentication measures. This security oversight potentially grants unauthorized users the ability to read or write arbitrary files, leading to significant risks for data integrity and privacy. Users must ensure they are using the latest version of DSM to mitigate these vulnerabilities effectively.

Affected Version(s)

DiskStation Manager (DSM) < 7.1-42661

References

https://www.synology.com/security/advisory/Synology_SA_22_18

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 25, 2022
Vulnerability Reserved
Mar 21, 2022