Synology-SA-22:24 Samba AD DC
Publish Time: 2022-12-19 17:45:31 UTC+8
Last Updated: 2023-05-22 15:34:54 UTC+8
- Severity
- Important
- Status
- Resolved
Abstract
Multiple vulnerabilities allow remote attackers or remote authenticated users to bypass security constraint via a susceptible version of Synology Directory Server.
Affected Products
Product | Severity | Fixed Release Availability |
---|---|---|
Synology Directory Server for DSM 7.2 | Important | Upgrade to 4.15.13-0615 or above. |
Synology Directory Server for DSM 7.1 | Important | Will not fix |
Synology Directory Server for DSM 7.0 | Important | Will not fix |
Synology Directory Server for DSM 6.2 | Important | Will not fix |
Mitigation
None
Detail
CVE-2022-37966
- Severity: Important
- CVSS3 Base Score: 8.1
- CVSS3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
CVE-2022-37967
- Severity: Important
- CVSS3 Base Score: 7.2
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Windows Kerberos Elevation of Privilege Vulnerability
CVE-2022-38023
- Severity: Important
- CVSS3 Base Score: 8.1
- CVSS3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Netlogon RPC Elevation of Privilege Vulnerability
CVE-2022-45141
- Severity: Important
- CVSS3 Base Score: 8.1
- CVSS3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).
Reference
Revision
Revision | Date | Description |
---|---|---|
1 | 2022-12-19 | Initial public release. |
2 | 2023-03-07 | Disclosed vulnerability details. |
3 | 2023-05-22 | Update for Synology Directory Server is now available in Affected Products. |