CVE-2022-43931 - Vulnerability Details - OpenCVE

Description

Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors.

Published: 2023-01-03

Score: 10 Critical

EPSS: 3.9% Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Synology

VPN Plus Server

affected

Version	Status	Constraints
`*`	affected	< 1.4.4-0635
`*`	affected	< 1.4.3-0534

Configuration 1 [-]

AND

cpe:2.3:a:synology:vpn_plus_server:*:*:*:*:*:*:*:*

cpe:2.3:o:synology:router_manager:1.2:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:a:synology:vpn_plus_server:*:*:*:*:*:*:*:*

cpe:2.3:o:synology:router_manager:1.3:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.03924.

Exploitation none

Automatable yes

Technical Impact total

References

Link	Providers
https://www.synology.com/en-global/security/advisory/Synology_SA_22_26

History

Thu, 10 Apr 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Subscriptions

Synology Router Manager Vpn Plus Server

MITRE

Status: PUBLISHED

Assigner: synology

Published: 2023-01-03T03:11:03.979Z

Updated: 2025-04-10T14:37:49.685Z

Reserved: 2022-10-26T17:55:30.258Z

Link: CVE-2022-43931

Vulnrichment

Updated: 2024-08-03T13:40:06.582Z

NVD

Status : Modified

Published: 2023-01-03T04:15:09.470

Modified: 2024-11-21T07:27:22.750

Link: CVE-2022-43931

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-43931", "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "state": "PUBLISHED", "assignerShortName": "synology", "dateReserved": "2022-10-26T17:55:30.258Z", "datePublished": "2023-01-03T03:11:03.979Z", "dateUpdated": "2025-04-10T14:37:49.685Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-787: Out-of-bounds Write"}]}], "affected": [{"vendor": "Synology", "product": "VPN Plus Server", "versions": [{"version": "*", "status": "affected", "lessThan": "1.4.4-0635", "versionType": "semver"}, {"version": "*", "status": "affected", "lessThan": "1.4.3-0534", "versionType": "semver"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors."}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 10, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}], "references": [{"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_22_26", "name": "Synology_SA_22_26", "tags": ["vendor-advisory"]}], "providerMetadata": {"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "shortName": "synology", "dateUpdated": "2023-01-03T03:11:03.979Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:40:06.582Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_22_26", "name": "Synology_SA_22_26", "tags": ["vendor-advisory", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-10T14:37:41.222992Z", "id": "CVE-2022-43931", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-10T14:37:49.685Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_22_26", "name": "Synology_SA_22_26", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:40:06.582Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-43931", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-10T14:37:41.222992Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-10T14:37:12.510Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Synology", "product": "VPN Plus Server", "versions": [{"status": "affected", "version": "*", "lessThan": "1.4.4-0635", "versionType": "semver"}, {"status": "affected", "version": "*", "lessThan": "1.4.3-0534", "versionType": "semver"}], "defaultStatus": "affected"}], "references": [{"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_22_26", "name": "Synology_SA_22_26", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-787: Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "shortName": "synology", "dateUpdated": "2023-01-03T03:11:03.979Z"}}}, "cveMetadata": {"cveId": "CVE-2022-43931", "state": "PUBLISHED", "dateUpdated": "2025-04-10T14:37:49.685Z", "dateReserved": "2022-10-26T17:55:30.258Z", "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "datePublished": "2023-01-03T03:11:03.979Z", "assignerShortName": "synology"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synology:vpn_plus_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B9447F9-2136-4373-874A-EB22975E05A8", "versionEndExcluding": "1.4.3-0534", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:synology:router_manager:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "43088D16-C9DE-4562-A935-F0A056FAC94F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synology:vpn_plus_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "466C2C1F-6D2D-45F8-AA1D-B9A15B5A8DDE", "versionEndExcluding": "1.4.4-0635", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:synology:router_manager:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "69719ACD-229C-4685-BADB-52FB55671BD9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de escritura fuera de los l\u00edmites en la funcionalidad de escritorio remoto en Synology VPN Plus Server anterior a 1.4.3-0534 y 1.4.4-0635 permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de vectores no especificados."}], "id": "CVE-2022-43931", "lastModified": "2024-11-21T07:27:22.750", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "security@synology.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-03T04:15:09.470", "references": [{"source": "security@synology.com", "tags": ["Vendor Advisory"], "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_22_26"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_22_26"}], "sourceIdentifier": "security@synology.com", "vulnStatus": "Modified"}