OpenCVE

Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. The backup functionality will continue to operate and will not be affected by the logout.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Synology	Active Backup For Business Agent

Configuration 1 [-]

cpe:2.3:a:synology:active_backup_for_business_agent:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.synology.com/en-global/security/advisory/Synology_SA_24_11

History

Wed, 02 Oct 2024 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Synology Synology active Backup For Business Agent
CPEs		cpe:2.3:a:synology:active_backup_for_business_agent::::::::
Vendors & Products		Synology Synology active Backup For Business Agent

Thu, 26 Sep 2024 15:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 26 Sep 2024 04:00:00 +0000

Type	Values Removed	Values Added
Description		Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. The backup functionality will continue to operate and will not be affected by the logout.
Weaknesses		CWE-306
References		https://www.synology.com/en-global/security/advisory/Synology_SA_24_11
Metrics		cvssV3_1 `{'score': 4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}`

MITRE

Status: PUBLISHED

Assigner: synology

Published: 2024-09-26T03:41:03.462Z

Updated: 2024-09-26T14:38:53.499Z

Reserved: 2024-09-24T08:35:52.122Z

Link: CVE-2023-52947

Vulnrichment

Updated: 2024-09-26T14:38:49.585Z

NVD

Status : Analyzed

Published: 2024-09-26T04:15:06.110

Modified: 2024-10-02T15:26:28.213

Link: CVE-2023-52947

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52947", "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "state": "PUBLISHED", "assignerShortName": "synology", "dateReserved": "2024-09-24T08:35:52.122Z", "datePublished": "2024-09-26T03:41:03.462Z", "dateUpdated": "2024-09-26T14:38:53.499Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-306: Missing Authentication for Critical Function", "cweId": "CWE-306", "type": "CWE"}]}], "affected": [{"vendor": "Synology", "product": "Synology Active Backup for Business Agent", "versions": [{"version": "*", "status": "affected", "lessThan": "2.7.0-3221", "versionType": "semver"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. The backup functionality will continue to operate and will not be affected by the logout."}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}}], "references": [{"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_11", "name": "Synology-SA-24:11 Synology Active Backup for Business Agent", "tags": ["vendor-advisory"]}], "credits": [{"lang": "en", "value": "Zhao Runzi (\u8d75\u6da6\u6893)", "type": "finder"}], "providerMetadata": {"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "shortName": "synology", "dateUpdated": "2024-09-26T03:41:03.462Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-26T14:38:44.588411Z", "id": "CVE-2023-52947", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T14:38:53.499Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52947", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-26T14:38:44.588411Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T14:38:49.585Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Zhao Runzi (\u8d75\u6da6\u6893)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Synology", "product": "Synology Active Backup for Business Agent", "versions": [{"status": "affected", "version": "*", "lessThan": "2.7.0-3221", "versionType": "semver"}], "defaultStatus": "affected"}], "references": [{"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_11", "name": "Synology-SA-24:11 Synology Active Backup for Business Agent", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. The backup functionality will continue to operate and will not be affected by the logout."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306: Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "shortName": "synology", "dateUpdated": "2024-09-26T03:41:03.462Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52947", "state": "PUBLISHED", "dateUpdated": "2024-09-26T14:38:53.499Z", "dateReserved": "2024-09-24T08:35:52.122Z", "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "datePublished": "2024-09-26T03:41:03.462Z", "assignerShortName": "synology"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synology:active_backup_for_business_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "33A9A7B3-0F3F-4469-A7A8-358C120B51D3", "versionEndExcluding": "2.6.0-3101", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. The backup functionality will continue to operate and will not be affected by the logout."}, {"lang": "es", "value": "La vulnerabilidad de falta de autenticaci\u00f3n para funciones cr\u00edticas en la funcionalidad de cierre de sesi\u00f3n en Synology Active Backup for Business Agent anterior a la versi\u00f3n 2.6.3-3101 permite que los usuarios locales cierren la sesi\u00f3n del cliente a trav\u00e9s de vectores no especificados. La funcionalidad de copia de seguridad seguir\u00e1 funcionando y no se ver\u00e1 afectada por el cierre de sesi\u00f3n."}], "id": "CVE-2023-52947", "lastModified": "2024-10-02T15:26:28.213", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 1.4, "source": "security@synology.com", "type": "Secondary"}]}, "published": "2024-09-26T04:15:06.110", "references": [{"source": "security@synology.com", "tags": ["Vendor Advisory"], "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_11"}], "sourceIdentifier": "security@synology.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "security@synology.com", "type": "Primary"}]}