CVE-2022-43931
published 2023-01-03CVE-2022-43931: Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to…
PriorityP275critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
EPSS
16.84%
96.7th percentile
Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| synology | vpn_plus_server | < 1.4.3-0534 | 1.4.3-0534 |
| synology | vpn_plus_server | < 1.4.4-0635 | 1.4.4-0635 |
| synology | vpn_plus_server | >= * < 1.4.4-0635 | 1.4.4-0635 |
| synology | vpn_plus_server | >= * < 1.4.3-0534 | 1.4.3-0534 |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2022-43931 is an out-of-bounds write vulnerability in the Remote Desktop Functionality of Synology VPN Plus Server; target versions before 1.4.3-0534 and 1.4.4-0635 are exploitable for remote code execution via unspecified vectors ↗
- →Synology VPN Plus Server deployments running versions prior to 1.4.3-0534 or 1.4.4-0635 should be treated as unpatched and prioritized for detection/patching; exploitation allows full system takeover ↗
- ·The attack vector is described only as 'unspecified vectors' — no specific exploit path, payload, or network indicator has been publicly disclosed in these sources, limiting concrete IOC extraction ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
2023-01-03
Published