CVE-2023-52949

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Sep 26, 2024
CWE ID 306

Summary

CVE-2023-52949 is a vulnerability in Synology Active Backup for Business Agent versions prior to 2.7.0-3221. Missing authentication in the proxy settings functionality allows local users to access user credentials. The exploitability score is 1.8 and the CVSS base score is 5.5 (medium severity), reflecting a high confidentiality impact and low privileges required for exploitation. Organizations using the affected software are at risk of credential theft, which could lead to unauthorized access or data breaches. To remediate this vulnerability, update the Synology Active Backup for Business Agent to version 2.7.0-3221 or later. For further details, refer to Synology's official security advisory linked in their documentation.
