CVE-2024-10443
 
- Severity Score: 9.8 (CVSS v3.1)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: Attend (SSVC)
Descriptions
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors.
*Credits:
Rick de Jager, Security Researcher at Midnight Blue
SSVC
- Decision: Attend
Timeline
- 2024-10-28 CVE Reserved
- 2024-11-15 CVE Published
- 2024-11-15 CVE Updated
- 2024-11-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
References (2)
URL | Date | SRC |
---|---|---|
https://www.synology.com/en-global/security/advisory/Synology_SA_24_18 | 2024-11-15 | |
https://www.synology.com/en-global/security/advisory/Synology_SA_24_19 | 2024-11-15 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Synology | BeePhotos | < 1.0.2-10026 | en | Affected |
Synology | BeePhotos | < 1.1.0-10053 | en | Affected |
Synology | Synology Photos | < 1.7.0-0795 | en | Affected |
Synology | Synology Photos | < 1.6.2-0720 | en | Affected |