CVE-2022-49039

CVSS 3.1 Score 6.7 of 10 (medium)

Details

Published Sep 26, 2024
CWE ID 787

Summary

CVE-2022-49039 is an out-of-bounds write vulnerability in Synology Drive Client versions before 3.4.0-15721 that allows local users with administrator privileges to execute arbitrary commands via unspecified vectors. It has a CVSS base score of 6.7 (medium severity), with high impact on confidentiality, integrity, and availability. Organizations running affected versions are exposed to local exploitation by authorized users, which can compromise system security. To remediate, upgrade Synology Drive Client to version 3.4.0-15721 or later. Further details can be found in the Synology security advisory.
