CVE-2022-27623

CWE-306 — Missing Authentication3 documents3 sources

Severity

9.1CRITICAL

EPSS

0.3%

top 43.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Synology Diskstation Manager (dsm)Synology Diskstation Manager

Timeline

PublishedOct 25

Description

Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages2 packages

▶NVDsynology/diskstation_manager< 7.1-42661

▶CVEListV5synology/diskstation_manager_(dsm)unspecified — 7.1-42661

🔴Vulnerability Details

GHSA

GHSA-7qq8-2p9r-p388: Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7↗2022-10-25

▶

CVEList

CVE-2022-27623: Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7↗2022-10-25

▶