OpenCVE

A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Synology	Diskstation Manager Ds3622xs\+ Fs3410 Hd6500

Configuration 1 [-]

AND

cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:synology:ds3622xs\+:-:::::::*
	cpe:2.3:h:synology:fs3410:-:::::::*
	cpe:2.3:h:synology:hd6500:-:::::::*

No data.

References

Link	Providers
https://www.synology.com/security/advisory/Synology_SA_22_17

History

No history.

MITRE

Status: PUBLISHED

Assigner: synology

Published: 2022-10-20T05:50:24.922383Z

Updated: 2024-09-16T19:36:43.491Z

Reserved: 2022-10-18T00:00:00

Link: CVE-2022-3576

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-10-20T06:15:12.293

Modified: 2024-11-21T07:19:48.153

Link: CVE-2022-3576

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB78E4FF-42C9-4EDE-8578-0101CF87F7CA", "versionEndExcluding": "7.1.1-42962-2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:synology:ds3622xs\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "CBC3E0E3-868D-4A35-A87D-37E0C79A0702", "vulnerable": false}, {"criteria": "cpe:2.3:h:synology:fs3410:-:*:*:*:*:*:*:*", "matchCriteriaId": "0C86BD06-9795-4AF0-9D44-F66D2C555A08", "vulnerable": false}, {"criteria": "cpe:2.3:h:synology:hd6500:-:*:*:*:*:*:*:*", "matchCriteriaId": "B397D029-DBFA-477B-B2ED-CFC4C66821EB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad relativa a la lectura fuera de l\u00edmites en la funcionalidad session processing de Out-of-Band (OOB) Management. Esto permite a atacantes remotos obtener informaci\u00f3n confidencial por medio de vectores no especificados. Los siguientes modelos con Synology DiskStation Manager (DSM) versiones anteriores a 7.1.1-42962-2 pueden estar afectados: DS3622xs+, FS3410 y HD6500"}], "id": "CVE-2022-3576", "lastModified": "2024-11-21T07:19:48.153", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@synology.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-20T06:15:12.293", "references": [{"source": "security@synology.com", "tags": ["Vendor Advisory"], "url": "https://www.synology.com/security/advisory/Synology_SA_22_17"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.synology.com/security/advisory/Synology_SA_22_17"}], "sourceIdentifier": "security@synology.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "security@synology.com", "type": "Secondary"}]}