First published: Tue Jun 13 2023
Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credentials via unspecified vectors.
Credit: security@synology.com
Affected Software | Affected Version | How to fix |
---|---|---|
Synology DiskStation Manager | >=6.2<7.2-64561 | |
Synology Diskstation Manager Unified Controller | =3.1 | |
Synology Router Manager | >=1.2<1.3.1-9346 | |
Synology Router Manager | =1.3.1-9346 | |
Synology Router Manager | =1.3.1-9346-update_1 | |
Synology Router Manager | =1.3.1-9346-update_2 | |
Synology Router Manager | =1.3.1-9346-update_3 | |
Synology Router Manager | =1.3.1-9346-update_4 | |
Synology Router Manager | =1.3.1-9346-update_5 | |
CVE-2023-2729 is a vulnerability in the User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 that allows remote attackers to obtain user credentials.
CVE-2023-2729 affects Synology DiskStation Manager versions 6.2 and later, before 7.2-64561.
CVE-2023-2729 has a severity rating of 7.5 (high).
To fix CVE-2023-2729, users should upgrade their Synology DiskStation Manager to version 7.2-64561 or later.
Additional information about CVE-2023-2729 is available in the Synology security advisories: [Synology_SA_23_07](https://www.synology.com/en-global/security/advisory/Synology_SA_23_07) and [Synology_SA_23_08](https://www.synology.com/en-global/security/advisory/Synology_SA_23_08).