Main Vulnerability Database SB2016102112

SB2016102112 - Privilege escalation in Synology NAS Servers

Published: October 21, 2016 Updated: October 24, 2016

Security Bulletin ID SB2016102112

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Privilege escalation (CVE-ID: CVE-2016-6554)

The vulnerability allows a remote unauthenticated user to bypass security limitations and gain elevated privileges on the target system.
The weakness exists due to improper protection of credentials. By accessing the server with default credentials, attacker can bypass security limitations and increase his privileges.
Successful exploitation of the vulnerability results in privilege escalation and full access to the vulnerable system.

Remediation

Install update from vendor's website.

References

http://www.kb.cert.org/vuls/id/404187