CVE-2023-0142

CWE-427 | 3 documents | 3 sources
Severity
8.1 HIGH
EPSS
0.2%
top 51.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jun 13

Description

Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Exploitability: 1.2 | Impact: 5.2

Affected Packages: 6 packages

NVD | synology/diskstation_manager | 6.2 | 7.1-42661
CVEListV5 | synology/diskstation_manager_(dsm) | 7.1 | 7.1-42661 | +2
NVD | synology/router_manager | 1.2 | 1.3.1-9346 | +1
CVEListV5 | synology/synology_router_manager_(srm) | 1.3 | 1.3.* | +1

Vulnerability Details (2)

CVEList | 2023-06-13
CVE-2023-0142: Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6

GHSA | 2023-06-13
GHSA-8f24-4fhw-xqcc: Uncontrolled search path element vulnerability in Backup Management Functionality in Synology DiskStation Manager (DSM) before 7