Synology-SA-21:15 Antivirus Essential

Publish Time: 2021-04-28 08:12:48 UTC+8

Last Updated: 2021-04-28 08:12:48 UTC+8

Severity
Important
Status
Resolved

Abstract

A vulnerability allows remote authenticated users to obtain privileges without consent via a susceptible version of Antivirus Essential.

Affected Products

Product Severity Fixed Release Availability
Antivirus Essential Important Upgrade to 1.4.8-2801 or above.

Mitigation

None

Detail

  • CVE-2021-27648
    • Severity: Important
    • CVSS3 Base Score: 9.0
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
    • Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via unspecified vectors.

Acknowledgement

Jose Hares

Revision

Revision Date Description
1 2021-04-28 Initial public release.