CVE-2022-27615

CWE-22Path Traversal3 documents3 sources
Severity
8.1HIGH
EPSS
0.7%
top 27.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Synology DNS Server
Timeline
PublishedJul 28
Latest updateJul 29

Description

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology DNS Server before 2.2.2-5027 allows remote authenticated users to delete arbitrary files via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 3.1 | Impact: 4.0

Affected Packages2 packages

CVEListV5synology/dns_serverunspecified2.2.2-5027
NVDsynology/dns_server< 2.2.2-5027

🔴Vulnerability Details

2
GHSA
GHSA-9q4r-rvww-q2rv: Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology DNS Server before 22022-07-29
CVEList
CVE-2022-27615: Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology DNS Server before 22022-07-28
CVE-2022-27615 (HIGH CVSS 8.1) | Improper limitation of a pathname t | cvebase.io