Arbitrary Command Execution Vulnerability in Synology Drive Client
CVE-2022-49039

6.7MEDIUM

Key Information:

Vendor: Synology
Status: Synology Drive Client
Vendor: CVE Published:; 26 September 2024

What is CVE-2022-49039?

An out-of-bounds write vulnerability exists in the backup task management functionality of Synology Drive Client prior to version 3.4.0-15721. This vulnerability enables local users with administrator privileges to execute arbitrary commands through unspecified vectors, which could lead to potential unauthorized access and manipulation of system resources. Immediate action is recommended to mitigate the associated risks.

Affected Version(s)

Synology Drive Client *

References

https://www.synology.com/en-global/security/advisory/Syno...

vendor-advisory

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 26, 2024
Vulnerability Reserved
Sep 24, 2024

Credit

Zhao Runzi (赵润梓)