Synology, a company that manufactures network-attached storage (NAS) appliances, has notified that the Synology VPN Plus Server software has a serious flaw that has the highest possible severity rating (10/10). In the warning that was released a week ago and given a severity rating of critical, the business highlighted a vulnerability that had been found in the VPN Plus Server software by Synology’s Product Security Incident Response Team (PSIRT), which is an internal security team.
In the remote desktop capabilities of the VPN Plus Server, there is a vulnerability that is being tracked as CVE-2022-43931. This vulnerability is an out-of-bounds write problem. This vulnerability may be exploited by a remote attacker to carry out arbitrary instructions.
“A vulnerable version of Synology VPN Plus Server may enable remote attackers to carry out arbitrary command execution if they are using the affected version of the software.” A security alert published by Synology said.
“Remote attackers are able to execute arbitrary commands through undefined vectors thanks to an out-of-bounds write vulnerability in the Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635,” reads the advisory.
Synology has released a security update to fix the vulnerability known as CVE-2022-43931. The company recommends that consumers upgrade VPN Plus to the most recent version as soon as they are able to do so.
Your Synology Router may be transformed into a cutting-edge VPN (virtual private network) server by using VPN Plus Server. Users will be able to access Internet resources as well as those located in the local networks that are behind your Synology Router by only using a VPN client or a web browser thanks to this package.
Your Synology Router may be transformed into a cutting-edge VPN (virtual private network) server by using VPN Plus Server. Users will be able to access Internet resources as well as those located in the local networks that are behind your Synology Router by only using a VPN client or a web browser thanks to this package.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.