Arbitrary Command Execution Vulnerability in Synology Drive Client
CVE-2022-49039
6.7MEDIUM
Summary
An out-of-bounds write vulnerability exists in the backup task management functionality of Synology Drive Client prior to version 3.4.0-15721. This vulnerability enables local users with administrator privileges to execute arbitrary commands through unspecified vectors, which could lead to potential unauthorized access and manipulation of system resources. Immediate action is recommended to mitigate the associated risks.
Affected Version(s)
Synology Drive Client *
References
CVSS V3.1
Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database
Credit
Zhao Runzi (赵润梓)