OpenCVE

Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Synology	Diskstation Manager

Configuration 1 [-]

cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.synology.com/security/advisory/Synology_SA_22_18

History

No history.

MITRE

Status: PUBLISHED

Assigner: synology

Published: 2022-10-25T16:30:54.412135Z

Updated: 2024-09-17T02:26:17.994Z

Reserved: 2022-03-21T00:00:00

Link: CVE-2022-27622

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-10-25T17:15:51.367

Modified: 2024-11-21T06:56:02.560

Link: CVE-2022-27622

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "98DEC165-1F1F-43DA-AAF6-15ECACE364E3", "versionEndExcluding": "7.1-42661", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors."}, {"lang": "es", "value": "Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en la funcionalidad Package Center en Synology DiskStation Manager (DSM) versiones anteriores a 7.1-42661, permite a usuarios remotos autenticados acceder a recursos de la intranet por medio de vectores no especificados"}], "id": "CVE-2022-27622", "lastModified": "2024-11-21T06:56:02.560", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 1.4, "source": "security@synology.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-25T17:15:51.367", "references": [{"source": "security@synology.com", "tags": ["Vendor Advisory"], "url": "https://www.synology.com/security/advisory/Synology_SA_22_18"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.synology.com/security/advisory/Synology_SA_22_18"}], "sourceIdentifier": "security@synology.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security@synology.com", "type": "Secondary"}]}