Synology releases patch for maximum severity vulnerability

Target Industry

Indiscriminate, opportunistic targeting.

Overview

Severity level: Critical – Common Vulnerability Scoring System (CVSS) score of 10/10.

Taiwan-based Synology has recently highlighted a critical vulnerability in its Virtual Private Network (VPN) Plus Server. The VPN Plus Server tooling is designed to allow administrators to remotely access company resources behind the router. Exploitation of this tooling would therefore result in administrative-level compromise and could thus affect other connected systems.

The vulnerability is being tracked as CVE-2022-43931.

According to Synology, an attack would not require any additional privileges and could be achieved with little complexity.

Impact

Upon successful exploitation, threat actors would likely be able to execute arbitrary commands remotely, giving them access to the server with administrator-level permissions and the potential for lateral movement into connected systems.

Vulnerability Detection

Synology VPN Plus Server installations running a version below the fixed versions listed under Affected Products are vulnerable to this Common Vulnerability and Exposure (CVE).

Affected Products

  • VPN Plus Servers for SRM 1.3 operating below 1.4.4-0635
  • VPN Plus Servers for SRM 1.2 operating below 1.4.3-0534
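As an added example (not code from Synology or from this bulletin), the check below turns the two fixed versions listed above into an "is this installation affected?" test. It assumes VPN Plus Server and SRM version strings follow the "major.minor.patch-build" form shown in the list, and it refuses to give an answer for SRM branches the bulletin does not cover rather than silently reporting them as safe.

```python
"""Check whether a Synology VPN Plus Server build is below the fixed
version for its SRM branch, using the versions listed in this bulletin."""
import re
from typing import Tuple

# Fixed builds from the Affected Products list: anything below these on
# the matching SRM branch is vulnerable to CVE-2022-43931.
FIXED_VERSIONS = {
    "1.3": "1.4.4-0635",
    "1.2": "1.4.3-0534",
}

# Assumed version string format "major.minor.patch-build", as shown on the page.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(version: str) -> Tuple[int, ...]:
    """Parse 'X.Y.Z-BBBB' into a tuple of ints that compares numerically."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised VPN Plus Server version: {version!r}")
    return tuple(int(part) for part in m.groups())


def srm_branch(srm_version: str) -> str:
    """Reduce an SRM version ('1.3' or 'major.minor.patch-build') to 'major.minor'."""
    m = re.match(r"^(\d+)\.(\d+)", srm_version.strip())
    if not m:
        raise ValueError(f"unrecognised SRM version: {srm_version!r}")
    return f"{m.group(1)}.{m.group(2)}"


def is_affected(srm_version: str, vpn_plus_version: str) -> bool:
    """True if the installed package is below the fixed build for its SRM branch.

    SRM branches not listed in the bulletin raise ValueError instead of
    returning False, so an unknown branch is never reported as 'not affected'.
    """
    branch = srm_branch(srm_version)
    if branch not in FIXED_VERSIONS:
        raise ValueError(f"SRM {branch} is not covered by this bulletin")
    return parse_version(vpn_plus_version) < parse_version(FIXED_VERSIONS[branch])


if __name__ == "__main__":
    # Constructed sample inputs, not versions taken from any real device.
    for srm, pkg in [("1.3", "1.4.4-0600"), ("1.2", "1.4.3-0534")]:
        print(f"SRM {srm}, VPN Plus Server {pkg}: affected={is_affected(srm, pkg)}")
```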

Containment, Mitigations & Remediations

Customers using Synology VPN Plus Servers are strongly recommended to patch their systems with the latest update at the next available opportunity.

Indicators of Compromise

No IOCs.

Threat Group

At the time of writing this report, no threat groups have been identified actively using this vulnerability.

Mitre Methodologies

T1133 – External Remote Services
T1210 – Exploitation of Remote Services

Further Information

Synology Blog – CVE-2022-43931
