#VU1062 Privilege escalation in Synology NAS Servers - CVE-2016-6554
Published: October 21, 2016 / Updated: October 24, 2016
Vulnerability identifier: #VU1062
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-6554
CWE-ID: CWE-255
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Synology NAS Servers
Software vendor:
Synology Inc.
Description
The vulnerability allows a remote unauthenticated user to bypass security limitations and gain elevated privileges on the target system.
The weakness exists due to improper protection of credentials. By accessing the server with default credentials, an attacker can bypass security limitations and escalate their privileges.
Successful exploitation of the vulnerability results in privilege escalation and full access to the vulnerable system.
Remediation
Update to version 5.2-5644-1.