Undergoing Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
CVE has been recently published to the CVE List and has been received by the NVD.
Products
Synology Active Backup for Business Agent
- before 2.7.0-3221
Source
security@synology.com
Tags
CVE-2023-52949 details
Published : Sept. 26, 2024, 4:15 a.m.
Last Modified : Sept. 26, 2024, 1:32 p.m.
Last Modified : Sept. 26, 2024, 1:32 p.m.
Description
Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors.
CVSS Score
1 | 2 | 3 | 4 | 5.5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-306 | Missing Authentication for Critical Function | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
Base Score
5.5
Exploitability Score
1.8
Impact Score
3.6
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References
URL | Source |
---|---|
https://www.synology.com/en-global/security/advisory/Synology_SA_24_11 | security@synology.com |
This website uses the NVD API, but is not approved or certified by it.