Synology-SA-17:38 Chat
Publish Time: 2017-08-10 00:00:00 UTC+8
Last Updated: 2017-08-10 10:17:00 UTC+8
- Severity: Important
- Status: Resolved
Abstract
CVE-2017-11148 allows remote authenticated users to access intranet resources via a vulnerable Synology NAS running as a Chat server.
Severity
- Impact: Important
- CVSS3 Base Score: 6.5
- CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected
- Products: Chat before 1.1.0-0806
- Models: All Synology models
Description
Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors.
Mitigation
None
Update Availability
To fix the security issue, please go to DSM > Package Center and update Chat to 1.1.0-0806 or above.