Synology Security Advisory SA-24:28 on Resolved Vulnerability
Concerning Media Server apps for NAS
This is a Press Release edited by StorageNewsletter.com on December 19, 2024 at 2:00 pmSynology, Inc. had published a security advisory concerning a resolved vulnerability on Media Server.
Publish Time: 2024-12-11 17:11:36 UTC+8
Last Updated: 2024-12-18 14:00:51 UTC+8
Severity: Important
Status: Resolved
Abstract
A vulnerability allows remote attackers to read specific files.
Affected Products
|
Product |
Severity |
Fixed Release Availability |
|---|---|---|
|
Media Server for DSM 7.2 |
Important |
Upgrade to 2.2.0-3325 or above. |
|
Media Server for DSM 7.1 |
Important |
Upgrade to 2.0.5-3152 or above. |
|
Media Server for SRM 1.3 |
Important |
Upgrade to 1.4-2680 or above. |
Mitigation: None
Detail
- CVE-2024-4464
- Severity: Important
- CVSS3 Base Score: 7.5
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files via unspecified vectors.
Acknowledgement: TEAM TGLS (Best of the Best 12th) (https://zrr.kr/SWND)
Reference: CVE-2024-4464
Revision
|
Revision |
Date |
Description |
|---|---|---|
|
1 |
2024-12-11 |
Initial public release. |
|
2 |
2024-12-18 |
Disclosed vulnerability details. |
Subscribe to our free daily newsletter
