CVE-2021-26569
Synology DiskStation Manager iscsi_snapshot_comm_core Race Condition Use-After-Free Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
Una Condición de Carrera dentro de una vulnerabilidad de Subproceso en iscsi_snapshot_comm_core en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes remotos ejecutar código arbitrario por medio de peticiones web diseñadas
This vulnerability allows local attackers to execute arbitrary code on affected installations of Synology DS418play. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the iscsi_snapshot_comm_core service. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the current process.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-02-02 CVE Reserved
- 2021-03-12 CVE Published
- 2024-05-13 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
- CWE-366: Race Condition within a Thread
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-21-338 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.synology.com/security/advisory/Synology_SA_20_26 | 2022-08-02 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Synology Search vendor "Synology" | Diskstation Manager Search vendor "Synology" for product "Diskstation Manager" | < 6.2.3-25426-3 Search vendor "Synology" for product "Diskstation Manager" and version " < 6.2.3-25426-3" | - |
Affected
|