Untrusted Control Sphere Vulnerability Affects Synology Drive Client
CVE-2022-49038

7.8HIGH

Key Information:

Vendor: Synology
Status: Synology Drive Client
Vendor: CVE Published:; 26 September 2024

Summary

An inclusion of functionality from an untrusted control sphere vulnerability exists within the OpenSSL DLL component of Synology Drive Client prior to version 3.3.0-15082. This flaw permits local users to execute arbitrary code, potentially compromising system integrity through unspecified attack vectors. Users are advised to upgrade to the latest version to mitigate this risk.

Affected Version(s)

Synology Drive Client *

References

https://www.synology.com/en-global/security/advisory/Syno...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 26, 2024
Vulnerability Reserved
Sep 24, 2024

Collectors

NVD DatabaseMitre Database

Credit

Zhao Runzi (赵润梓)