What are you looking for ?
Advertise with us
Advertise with us

Synology Security Advisory SA-24:02 DSM

Concerning vulnerability allows remote authenticated users to conduct phishing attacks via susceptible version of NAS OS.

Synology, Inc. had published a security advisory concerning vulnerability allows remote authenticated users to conduct phishing attacks via a susceptible version of Synology DiskStation Manager (DSM) NAS OS.

Publish time: 2024-01-24 18:08:36 UTC+8
Last updated: 2024-01-24 18:09:10 UTC+8
Severity: Moderate
Status: Ongoing

Abstract
A vulnerability allows remote authenticated users to conduct phishing attacks via a susceptible version of DSM.

Affected products

Product

Severity

Fixed Release availability

DSM 7.2

Moderate

Upgrade to 7.2.1-69057-2 or above.

DSM 7.1

Moderate

Ongoing

DSM 6.2

Moderate

Ongoing

Mitigation: None

Detail:

  • CVE-2024-0854
    • Severity: Moderate
    • CVSS3 Base Score: 4.1
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
    • URL redirection to untrusted site (‘Open Redirect’) vulnerability in file access component in DSM before 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.

Acknowledgement
Jangwoo Choi, HYEONJUN LEE, SoYeon Kim, TaeWan Ha, DoHwan Kim (https://zrr.kr/SWND)

Reference: CVE-2024-0854

Revision

Revision

Date

Description

1

2024-01-24

Initial public release.

2

2024-01-24

Disclosed vulnerability details.

Articles_bottom
ExaGrid
AIC
ATTOtarget="_blank"
OPEN-E
RAIDON