CVE-2022-22679Path Traversal in Synology Diskstation Manager

CWE-22Path Traversal3 documents3 sources
Severity
4.9MEDIUMNVD
CNA6.5
EPSS
0.3%
top 49.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Synology Diskstation Manager
Timeline
PublishedFeb 7
Latest updateFeb 8

Description

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5synology/diskstation_managerunspecified7.0.1-42218-2
NVDsynology/diskstation_manager6.26.2.4-25556-3+1

🔴Vulnerability Details

2
GHSA
GHSA-fgfm-hjh9-vxjr: Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Man2022-02-08
CVEList
CVE-2022-22679: Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Man2022-02-07
CVE-2022-22679 — Path Traversal in Synology | cvebase