Synology-SA-19:42 Intel Processor Vulnerability

Publish Time: 2019-12-20 15:08:42 UTC+8

Last Updated: 2019-12-20 15:08:42 UTC+8

Severity: Moderate

Status: Accepted

Abstract

A vulnerability allows local users to conduct denial-of-service attacks, obtain sensitive information, or conduct privilege escalation attacks via a susceptible version of DiskStation Manager (DSM).

Affected Products

Product	Severity	Fixed Release Availability
DSM 6.2^[1]	Moderate	Ongoing

^[1] FS6400, RS3617RPxs, RS3617xs+, DS3617xs, DS3018xs, RS4017xs+, RS18017xs+, RS3618xs, FS1018, FS2017, RS1619xs+, SA3400, FS3400, UC3200, SA3600, FS3600, SA3200D

Mitigation

None

Detail

CVE-2019-14607
- Severity: Moderate
- CVSS3 Base Score: 5.3
- CVSS3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
- Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access.

Reference

Revision

Revision	Date	Description
1	2019-12-20	Initial public release.