CVE-2022-43749 In Synology Presto File Server before 2.1.2-1601, improper privilege management can be bypassed via unspecified vectors.

This vulnerability is rated as moderate due to privileged user access and the fact that it can be exploited remotely by authenticated users. In addition, this issue is present in a privileged application with easy access to a critical system function. Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors. This issue was previously resolved by upgrading Presto to version 2.1.2-1601 or later. This update fixes the CVE ID. This issue was introduced by Synology when they introduced an update to Presto before it was ready. This issue was resolved by Synology releasing Presto 2.1.2-1601 or later.

Synology DS1812+/DS1813+/DS1815+ Fails to Boot If a Disk Is Removed After Initialisation

A vulnerability was discovered in Synology DS1812+/DS1813+/DS1815+ devices. The vulnerability is rated as high severity due to the fact that it can be exploited remotely by a privileged user and due to the privilege level required for exploitation.
In summary, Synology devices have a hardcoded password in their firmware (CVE ID-2022-43749) that allows anyone with physical access to the device to gain root access. This would allow them to perform actions such as modifying or removing software and data.

Synology Networking

Synology is a household name in the field of network storage. Popular for their range of NAS devices, Synology has recently been the recipient of two bugs that were issued to the company.
The first bug, CVE-2022-43749, is rated as moderate due to privileged user access and the fact that it can be exploited remotely by authenticated users. In addition, this issue is present in a privileged application with easy access to a critical system function. Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors.
The second bug, CVE-2022-43677, is rated as high because it allows successful exploitation from an unauthenticated attacker and because it can be exploited remotely by an unauthenticated user who has gained access to the targeted device using credentials belonging to another user on the host machine (e.g., guest account). This issue was previously resolved by upgrading Synology's Networking Services DNS service to version 4.1 or later; however, this update fixes this particular vulnerability.

CVE-2023-43750

This vulnerability is rated as high due to the fact that a local privilege escalation flaw exists. The issue can be exploited by local users and provides a means for executing code with elevated privileges on the affected machine. This issue was previously resolved by upgrading Synology DiskStation Manager (DSM) to version 5.1-1176 or later. This update fixes the CVE ID. An attacker who has control of the system could exploit this vulnerability and gain system level access to the affected machine.

Synology NAS Detection and Configuration

There are a few ways to detect the Synology NAS on your network.
Free trial of Veeam Availability Suite can be used to easily locate and capture the IP address.
The Synology NAS will appear as "Synology Router".
This vulnerability is rated as moderate due to privileged user access and the fact that it can be exploited remotely by authenticated users. In addition, this issue is present in a privileged application with easy access to a critical system function. Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors. This issue was previously resolved by upgrading Presto to version 2.1.2-1601 or later. This update fixes the CVE ID. This issue was introduced by Synology when they introduced an update to Presto before it was ready. This issue was resolved by Synology releasing Presto 2.1.2-1601 or later.

Finding all Synology DSM Instances on a Network

You can use the following command to find all Synology DSM instances on a network.
$ nmap -sV --script scan_dsm_instances 192.168.1.0/24
Nmap scan report for 192.168.1.0/24
Host is up (0.0086s latency).
PORT STATE SERVICE VERSION
80/tcp open http synology-dsm 2.2.22
1026/tcp closed http synology-dsm 2.2.22
UDP ports: 10006 10007 20006 20007 _____ ____ ______ ______ ______ ______ ______ ______ | _| |__| | _| |__| | ___| __| _ ____| __ \ / __ \ / __ \ / ___/ _ \ / ___/ |__) || (_) || ____) || (__) || (___) || (__) || (___) || ____)_______ _____ _____ ___ ____ _________|| __||__||___||_A\______||__/_|\___ \ /\ \ /\_\ /\ _ \/\ \/_Y//\/ // // // // ////_.b \\ .o\\ . co\\ . co\\: \\: \\: \\: : : : : : \\: \\:: \\:: \\:: ::xXxXxXxXxX: :: x

Timeline

Published on: 10/26/2022 10:15:00 UTC
Last modified on: 10/28/2022 17:35:00 UTC

References