Insufficient Randomness in User Management Functionality of Synology DiskStation Manager
CVE-2023-2729
7.5HIGH
Summary
A security flaw in the User Management functionality of Synology DiskStation Manager (DSM) prior to version 7.2-64561 enables remote attackers to potentially exploit insufficiently random values. This vulnerability could lead to unauthorized access and compromise user credentials through unspecified attack vectors, posing a significant risk to affected systems.
Affected Version(s)
DiskStation Manager (DSM) 7.2
DiskStation Manager (DSM) 7.2 < 7.2-64561
DiskStation Manager (DSM) 7.1 < 7.1.*
News Articles
Security AffairsCVE-2023-2729A flaw in Synology DiskStation Manager allows admin account takeover
A vulnerability in Synology DiskStation Manager (DSM) could be exploited to decipher an administrator's password.
1 year ago
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
- π°
First article discovered by Security Affairs
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database1 News Article(s)
Credit
Sharon Brizinov of Claroty Research