CVE-2023-0142
CVSS 3.1 Score 8.1 of 10 (high)
Details
Published Jun 13, 2023
Updated: Jan 14, 2025
CWE ID 427
Summary
CVE-2023-0142 is a vulnerability affecting Synology DiskStation Manager (DSM) versions before 6.2.4-25556-8, 7.0.1-42218-7, and 7.1-42661. This issue grants remote authenticated users with administrator privileges uncontrolled search path capabilities in the Backup Management functionality. Consequently, they can read or write arbitrary files, posing a significant risk to system security. This vulnerability may be exploited via unspecified vectors, highlighting the importance of updating to the latest version of DSM to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- DiskStation Manager
- Synology Router Manager
- Synology Diskstation Manager Unified Controller
Affected Vendors
- Synology