CVE-2022-27626
10CRITICAL
Summary
A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
Affected Version(s)
DiskStation Manager (DSM) < 7.1.1-42962-2
CVSS V3.1
Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Risk change from: 8.1 to: 10 - (CRITICAL)
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database