CVE-2023-2729

7.5HIGH

Key Information

Vendor: Synology
Status: DiskStation Manager (DSM); Unified Controller (DSMUC); Synology Router Manager (SRM)
Vendor: CVE Published:; 13 June 2023

Badges

📰 News Worthy

Summary

Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors.

Affected Version(s)

DiskStation Manager (DSM) <= 7.2

DiskStation Manager (DSM) < 7.2-64561

DiskStation Manager (DSM) < 7.1.*

News Articles

Security Affairs

CVE-2023-2729

A flaw in Synology DiskStation Manager allows admin account takeover

A vulnerability in Synology DiskStation Manager (DSM) could be exploited to decipher an administrator's password.

1 year ago

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

First article discovered by Security Affairs
Oct 18, 2023
Vulnerability published.
Jun 13, 2023
Vulnerability Reserved.
May 16, 2023

Collectors

NVD DatabaseMitre Database1 News Article(s)

Credit

Sharon Brizinov of Claroty Research