Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers

News

Jan 04, 2023Ravie LakshmananVPN / Server Security

Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems.

Tracked as CVE-2022-43931, the vulnerability carries a maximum severity rating of 10 on the CVSS scale and has been described as an out-of-bounds write bug in the remote desktop functionality in Synology VPN Plus Server.

Successful exploitation of the issue “allows remote attackers to execute arbitrary commands via unspecified vectors,” the Taiwanese company said, adding it was internally discovered by its Product Security Incident Response Team (PSIRT).

Users of VPN Plus Server for Synology Router Manager (SRM) 1.2 and VPN Plus Server for SRM 1.3 are advised to update to versions 1.4.3-0534 and 1.4.4-0635, respectively.

The network-attached storage appliance maker, in a second advisory, also warned of several flaws in SRM that could permit remote attackers to execute arbitrary commands, conduct denial-of-service attacks, or read arbitrary files.

Exact details about the vulnerabilities have been withheld, with the users urged to upgrade to versions 1.2.5-8227-6 and 1.3.1-9346-3 to mitigate potential threats.

Gaurav Baruah, CrowdStrike’s Lukas Kupczyk, DEVCORE researcher Orange Tsai, and Netherlands-based IT security firm Computest have been credited for reporting the weaknesses.

It’s worth noting that some of the vulnerabilities were demonstrated at the 2022 Pwn2Own contest held between December 6 and 9, 2022, at Toronto.

Baruah earned $20,000 for a command injection attack against the WAN interface of the Synology RT6600ax, while Computest netted $5,000 for a command injection root shell exploit aimed at its LAN interface.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Products You May Like

Articles You May Like

Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT Probe
DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages
HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft
Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware
LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages

Leave a Reply

Your email address will not be published. Required fields are marked *