CVE-2017-15889
CVSS 3.0 Score 8.8 of 10 (high)
Details
Summary
CVE-2017-15889 is a command injection vulnerability affecting Synology DiskStation Manager (DSM) prior to version 5.2-5967-5. Authenticated users can exploit this flaw by inputting malicious commands through the disk field, leading to arbitrary command execution. This vulnerability poses a significant risk, as it allows attackers to gain unauthorized control over the Synology DiskStations. Successful exploitation could result in data theft, system damage, or even the deployment of malware. Users are strongly advised to update their DSM installation to a secure version as soon as possible.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- DiskStation Manager
Affected Vendors
- Synology