CVE-2023-0142

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Jun 13, 2023
Updated: Jan 14, 2025
CWE ID 427

Summary

CVE-2023-0142 is a vulnerability affecting Synology DiskStation Manager (DSM) versions before 6.2.4-25556-8, 7.0.1-42218-7, and 7.1-42661. This issue grants remote authenticated users with administrator privileges uncontrolled search path capabilities in the Backup Management functionality. Consequently, they can read or write arbitrary files, posing a significant risk to system security. This vulnerability may be exploited via unspecified vectors, highlighting the importance of updating to the latest version of DSM to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • DiskStation Manager
  • Synology Router Manager
  • Synology Diskstation Manager Unified Controller

Affected Vendors

  • Synology