CVE-2022-49041

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Published Sep 26, 2024
CWE ID 120

Summary

CVE-2022-49041 is a buffer overflow vulnerability in the backup task management functionality of Synology Drive Client before version 3.4.0-15721. It allows local users with administrator privileges to crash the client. The vulnerability is rated medium severity with a CVSS score of 4.4: attack complexity is low, high privileges are required, and no user interaction is needed for exploitation. Confidentiality and integrity are unaffected, but the impact on availability is significant and can lead to service disruption. To remediate the issue, upgrade Synology Drive Client to version 3.4.0-15721 or later, as outlined in Synology's security advisory. Left unpatched, the flaw could allow malicious insiders or unauthorized local users with administrator privileges to exploit it and disrupt operations within an organization.
