Indiscriminate, opportunistic targeting.
Severity level: Critical – Common Vulnerability Scoring System (CVSS) score of 10/10.
Taiwan-based Synology has published an advisory for a critical vulnerability in VPN Plus Server, the Virtual Private Network (VPN) package for its routers running Synology Router Manager (SRM). VPN Plus Server exists to let remote users reach resources on the network behind the router, so the service is by design reachable from the internet. A compromise of the service is therefore a compromise of the router itself, with direct access to the internal network it protects.
The vulnerability is tracked as CVE-2022-43931.
According to Synology, the attack can be carried out over the network without any privileges or user interaction and with low complexity; a CVSS base score of 10.0 implies exactly that combination (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
The underlying defect is an out-of-bounds write in the package's Remote Desktop functionality. Successful exploitation gives an unauthenticated remote attacker arbitrary command execution on the router with administrative privileges, and from that position an attacker can pivot into the systems on the internal network that the router serves.
The affected VPN Plus Server releases depend on the SRM branch the router runs. Anything older than the version listed for its branch is vulnerable; the listed version is the first fixed release:
- VPN Plus Server for SRM 1.3: all versions before 1.4.4-0635
- VPN Plus Server for SRM 1.2: all versions before 1.4.3-0534
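As an added example (not code from the Synology advisory or from this report), the following Python check decides from a router's SRM version and installed VPN Plus Server version whether it falls in the affected range above. It assumes Synology package versions follow the "major.minor.patch-build" form used in the advisory and that the SRM branch is the first two components of the SRM version; the inventory at the bottom is constructed for illustration.

```python
import re
from typing import Dict, List, Tuple

# First fixed VPN Plus Server release for each SRM branch, as listed in the
# Synology advisory for CVE-2022-43931. Any older package on that branch is vulnerable.
FIXED_VERSIONS: Dict[str, str] = {
    "1.3": "1.4.4-0635",
    "1.2": "1.4.3-0534",
}

# Assumption: package versions look like "major.minor.patch-build"; the build
# number is part of the ordering and must be compared numerically.
_PKG_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(text: str) -> Tuple[int, ...]:
    """Parse 'major.minor.patch-build' into a tuple of ints so tuple ordering
    compares versions correctly (string comparison would put 1.4.10 before 1.4.4)."""
    m = _PKG_VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Synology package version: {text!r}")
    return tuple(int(part) for part in m.groups())


def srm_branch(srm_version: str) -> str:
    """Reduce a full SRM version such as '1.3.1-9346' to its branch '1.3'."""
    m = re.match(r"^(\d+)\.(\d+)", srm_version.strip())
    if not m:
        raise ValueError(f"unrecognised SRM version: {srm_version!r}")
    return f"{m.group(1)}.{m.group(2)}"


def is_vulnerable(srm_version: str, package_version: str) -> bool:
    """True if the installed VPN Plus Server is older than the fix for this SRM branch.

    The threshold depends on the branch: 1.4.3-0534 is fixed on SRM 1.2 but still
    vulnerable on SRM 1.3, so a single global cut-off would give wrong answers.
    Raises ValueError for a branch the advisory does not cover."""
    branch = srm_branch(srm_version)
    if branch not in FIXED_VERSIONS:
        raise ValueError(f"no fix information for SRM branch {branch}")
    return parse_version(package_version) < parse_version(FIXED_VERSIONS[branch])


def assess_inventory(inventory: List[dict]) -> Dict[str, str]:
    """Map each router name to 'vulnerable', 'patched' or 'unknown' (branch not covered)."""
    result: Dict[str, str] = {}
    for entry in inventory:
        try:
            vulnerable = is_vulnerable(entry["srm"], entry["vpnplus"])
            result[entry["name"]] = "vulnerable" if vulnerable else "patched"
        except ValueError:
            result[entry["name"]] = "unknown"
    return result


# Constructed inventory for demonstration; the names and version strings are
# illustrative, not real devices.
SAMPLE_INVENTORY = [
    {"name": "branch-office-rt", "srm": "1.3.1-9346", "vpnplus": "1.4.4-0634"},
    {"name": "hq-rt",            "srm": "1.3.1-9346", "vpnplus": "1.4.4-0635"},
    {"name": "legacy-rt",        "srm": "1.2.5-8227", "vpnplus": "1.4.3-0534"},
    {"name": "mislabelled-rt",   "srm": "1.3.1-9346", "vpnplus": "1.4.3-0534"},
    {"name": "eol-rt",           "srm": "1.1.7-6941", "vpnplus": "1.4.2-0400"},
]

if __name__ == "__main__":
    for name, status in assess_inventory(SAMPLE_INVENTORY).items():
        print(f"{name:18} {status}")
```

The "mislabelled-rt" entry is the case worth noting: a package at 1.4.3-0534 is fixed on an SRM 1.2 router but still vulnerable on SRM 1.3, so any inventory check must key the threshold on the SRM branch rather than on the package version alone. Routers on a branch the advisory does not list are reported as "unknown" rather than silently treated as patched.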
Containment, Mitigations & Remediations
Customers running Synology VPN Plus Server are strongly recommended to update to the fixed release for their SRM branch (1.4.4-0635 on SRM 1.3, 1.4.3-0534 on SRM 1.2) through Package Center at the earliest opportunity, and to confirm the installed package version afterwards rather than assume the update applied. Where the update cannot be applied immediately, stopping the VPN Plus Server package or restricting inbound access to it at the WAN edge removes the remote attack surface, since the service must be reachable over the network for the flaw to be exploited.
Indicators of Compromise
At the time of writing, no threat group has been observed exploiting this vulnerability and no indicators of compromise have been published. Until that changes, the practical check is the installed VPN Plus Server version on each router against the affected ranges above.
Synology Blog – CVE-2022-43931