Improper Privilege Management in Synology Presto File Server
CVE-2022-43749

4.3MEDIUM

Key Information:

Vendor: Synology
Status: Presto File Server
Vendor: CVE Published:; 26 October 2022

Summary

An improper privilege management vulnerability exists in the summary report management of Synology Presto File Server versions prior to 2.1.2-1601. This vulnerability allows remote authenticated users to bypass certain security restrictions, potentially compromising the integrity and confidentiality of sensitive data. Users should apply relevant security updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

Presto File Server < 2.1.2-1601

References

https://www.synology.com/security/advisory/Synology_SA_22_19

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 26, 2022
Vulnerability Reserved
Oct 26, 2022