Synology-SA-24:20 DSM (PWN2OWN 2024)
Publish Time: 2024-11-05 15:15:05 UTC+8
Last Updated: 2024-11-05 15:15:05 UTC+8
- Severity
- Critical
- Status
- Ongoing
Abstract
The vulnerability reported in ZDI-CAN-25403 allows remote attackers to execute arbitrary code.
The vulnerability reported in ZDI-CAN-25487 allows man-in-the-middle attacker to obain admin sessions.
The vulnerability reported in ZDI-CAN-25613 allows remote attackers to read specific files.
The vulnerability reported in ZDI-CAN-25617 allows adjacent man-in-the-middle attacker to write specific files.
Updates of DSM 7.1 and DSMUC 3.1 will be published within 30 days.
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| DSM 7.2 | Critical | Upgrade to 7.2.2-72806-1 or above. |
| DSM 7.1 | Critical | Ongoing |
| DSMUC 3.1 | Critical | Ongoing |
Mitigation
None
Detail
Reserved
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2024-11-05 | Initial public release. |