Headline
CVE-2022-43931: Synology_SA_22_26 | Synology Inc.
Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors.
Abstract
A vulnerability allows remote attackers to possibly execute arbitrary commands via a susceptible version of Synology VPN Plus Server.
Affected Products
Product | Severity | Fixed Release Availability
VPN Plus Server for SRM 1.3 | Critical | Upgrade to 1.4.4-0635 or above.
VPN Plus Server for SRM 1.2 | Critical | Upgrade to 1.4.3-0534 or above.
Mitigation
None
Detail
Reserved
Acknowledgement
This issue was discovered internally by Synology PSIRT.
Revision
Revision | Date | Description
1 | 2022-12-30 | Initial public release.
Related news
Update VPN Plus Server now! Synology patches vulnerability with a CVSS of 10 (Malwarebytes Labs): Synology has patched a critical vulnerability in the Remote Desktop feature of VPN Plus Server ...
Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems. Tracked as CVE-2022-43931, the vulnerability carries a maximum severity rating of 10 on the CVSS scale and has been described as an out-of-bounds write bug in the remote desktop functionality in Synology VPN Plus Server. Successful exploitation of the