Synology Products Multiple Vulnerabilities
Release Date: 11 Nov 2024
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities were identified in Synology products. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure, spoofing, data manipulation and remote code execution on the targeted system.
Impact
- Remote Code Execution
- Spoofing
- Information Disclosure
- Data Manipulation
System / Technologies affected
- Synology DSM 7.2.2 versions below 7.2.2-72806-1
- Synology DSM 7.2.1
- Synology DSM 7.1
- Synology DSMUC 3.1
- Synology BeeStation OS versions below 1.1-65374
- Synology BeeStation OS versions 1.0
- Synology Replication Service for DSM 7.2 versions below 1.3.0-0423
- Synology Replication Service for DSM 7.1 versions below 1.2.2-0353
- Synology Drive Server for DSM 7.2.2 versions below 3.5.1-26102
- Synology Drive Server for DSM 7.2.1
- Synology Drive Server for DSM 7.1
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://www.synology.com/en-us/security/advisory/Synology_SA_24_20
- https://www.synology.com/en-us/security/advisory/Synology_SA_24_21
- https://www.synology.com/en-us/security/advisory/Synology_SA_24_22
- https://www.synology.com/en-us/security/advisory/Synology_SA_24_23
Vulnerability Identifier
- No CVE information is available
沒有留言:
發佈留言