CVE-2022-45188
Synology DiskStation Manager Serv.php Authentication Bypass Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).
Netatalk hasta 3.1.13 tiene un Desbordamiento del Búfer en afp_getappl que genera la ejecución de código a través de un archivo .appl manipulado. Esto proporciona acceso raíz remoto en algunas plataformas como FreeBSD (utilizado para TrueNAS).
This vulnerability allows remote attackers to bypass authentication on affected installations of Synology DiskStation Manager. This vulnerability does not require authentication, but does require some user interaction.
The specific flaw exists within the Serv.php endpoint. The issue results from incorrect implementation of the authentication mechanism. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-11-11 CVE Reserved
- 2022-11-12 CVE Published
- 2024-07-03 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html | Mailing List |
|
| https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html | Release Notes | |
| https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.14.html | Broken Link | |
| https://sourceforge.net/projects/netatalk/files/netatalk | Release Notes |
| URL | Date | SRC |
|---|---|---|
| https://rushbnt.github.io/bug%20analysis/netatalk-0day | 2024-08-03 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netatalk Search vendor "Netatalk" | Netatalk Search vendor "Netatalk" for product "Netatalk" | <= 3.1.13 Search vendor "Netatalk" for product "Netatalk" and version " <= 3.1.13" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 36 Search vendor "Fedoraproject" for product "Fedora" and version "36" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 37 Search vendor "Fedoraproject" for product "Fedora" and version "37" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 38 Search vendor "Fedoraproject" for product "Fedora" and version "38" | - |
Affected
| ||||||