Synology Security Advisory SA-24:01 DSM
Vulnerability concerning DiskStation Manager
This is a Press Release edited by StorageNewsletter.com on January 18, 2024 at 2:00 pm.
Synology, Inc. has published a security advisory concerning its DSM NAS OS.
Publish time: 2024-01-09 12:01:13 UTC+8
Last updated: 2024-01-11 12:05:07 UTC+8
Severity: Important
Status: Ongoing
Abstract
A vulnerability allows local users to execute arbitrary code via a susceptible version of Synology DiskStation Manager (DSM).
Successful exploitation of this vulnerability requires a user to download a malicious patch from a non-official Synology download site and install it manually before the vulnerability can be exploited.
Affected products
| Product   | Severity  | Fixed release availability     |
|-----------|-----------|--------------------------------|
| DSM 7.2   | Important | Upgrade to 7.2-64561 or above  |
| DSM 7.1   | Important | Ongoing                        |
| DSM 6.2   | Important | Ongoing                        |
| DSMUC 3.1 | Important | Upgrade to 3.1.2-23068 or above |
Mitigation: None
Detail: Reserved
Acknowledgement
Qian Chen (@cq674350529) from Codesafe Team of Legendsec at Qi’anxin Group
Revision:
| Revision | Date       | Description                       |
|----------|------------|-----------------------------------|
| 1        | 2024-01-09 | Initial public release            |
| 2        | 2024-01-11 | Updated abstract for more details |