Synology-SA-21:15 Antivirus Essential
Publish Time: 2021-04-28 08:12:48 UTC+8
Last Updated: 2021-04-28 08:12:48 UTC+8
- Severity
- Important
- Status
- Resolved
Abstract
A vulnerability allows remote authenticated users to obtain privileges without consent via a susceptible version of Antivirus Essential.
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| Antivirus Essential | Important | Upgrade to 1.4.8-2801 or above. |
Mitigation
None
Detail
- CVE-2021-27648
- Severity: Important
- CVSS3 Base Score: 9.0
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
- Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via unspecified vectors.
Acknowledgement
Jose Hares
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2021-04-28 | Initial public release. |