CVE-2022-43931 - OpenCVE

Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Synology	Vpn Plus Server Router Manager

Configuration 1 [-]

AND

cpe:2.3:a:synology:vpn_plus_server:*:*:*:*:*:*:*:*

cpe:2.3:o:synology:router_manager:1.2:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:a:synology:vpn_plus_server:*:*:*:*:*:*:*:*

cpe:2.3:o:synology:router_manager:1.3:*:*:*:*:*:*:*

References

Link	Resource
https://www.synology.com/en-global/security/advisory/Synology_SA_22_26	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: synology

Published: 2023-01-03T03:11:03.979Z

Updated:

Reserved: 2022-10-26T17:55:30.258Z

Link: CVE-2022-43931

JSON object: View

NVD Information

Status : Modified

Published: 2023-01-03T04:15:09.470

Modified: 2023-11-07T03:54:08.313

Link: CVE-2022-43931

JSON object: View

Redhat Information

No data.

CWE

No CWE.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synology:vpn_plus_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B9447F9-2136-4373-874A-EB22975E05A8", "versionEndExcluding": "1.4.3-0534", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:synology:router_manager:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "43088D16-C9DE-4562-A935-F0A056FAC94F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synology:vpn_plus_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "466C2C1F-6D2D-45F8-AA1D-B9A15B5A8DDE", "versionEndExcluding": "1.4.4-0635", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:synology:router_manager:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "69719ACD-229C-4685-BADB-52FB55671BD9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors."}], "id": "CVE-2022-43931", "lastModified": "2023-11-07T03:54:08.313", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "security@synology.com", "type": "Secondary"}]}, "published": "2023-01-03T04:15:09.470", "references": [{"source": "security@synology.com", "tags": ["Vendor Advisory"], "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_22_26"}], "sourceIdentifier": "security@synology.com", "vulnStatus": "Modified"}