CVE-2022-43931 - Vulnerability Details - OpenCVE

Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Synology	Router Manager Vpn Plus Server

Configuration 1 [-]

AND

cpe:2.3:a:synology:vpn_plus_server:*:*:*:*:*:*:*:*

cpe:2.3:o:synology:router_manager:1.2:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:a:synology:vpn_plus_server:*:*:*:*:*:*:*:*

cpe:2.3:o:synology:router_manager:1.3:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.synology.com/en-global/security/advisory/Synology_SA_22_26

History

Thu, 10 Apr 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: synology

Published: 2023-01-03T03:11:03.979Z

Updated: 2025-04-10T14:37:49.685Z

Reserved: 2022-10-26T17:55:30.258Z

Link: CVE-2022-43931

Vulnrichment

Updated: 2024-08-03T13:40:06.582Z

NVD

Status : Modified

Published: 2023-01-03T04:15:09.470

Modified: 2024-11-21T07:27:22.750

Link: CVE-2022-43931

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-43931", "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "state": "PUBLISHED", "assignerShortName": "synology", "dateReserved": "2022-10-26T17:55:30.258Z", "datePublished": "2023-01-03T03:11:03.979Z", "dateUpdated": "2025-04-10T14:37:49.685Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-787: Out-of-bounds Write"}]}], "affected": [{"vendor": "Synology", "product": "VPN Plus Server", "versions": [{"version": "*", "status": "affected", "lessThan": "1.4.4-0635", "versionType": "semver"}, {"version": "*", "status": "affected", "lessThan": "1.4.3-0534", "versionType": "semver"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors."}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 10, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}], "references": [{"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_22_26", "name": "Synology_SA_22_26", "tags": ["vendor-advisory"]}], "providerMetadata": {"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "shortName": "synology", "dateUpdated": "2023-01-03T03:11:03.979Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:40:06.582Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_22_26", "name": "Synology_SA_22_26", "tags": ["vendor-advisory", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-10T14:37:41.222992Z", "id": "CVE-2022-43931", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-10T14:37:49.685Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_22_26", "name": "Synology_SA_22_26", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:40:06.582Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-43931", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-10T14:37:41.222992Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-10T14:37:12.510Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Synology", "product": "VPN Plus Server", "versions": [{"status": "affected", "version": "*", "lessThan": "1.4.4-0635", "versionType": "semver"}, {"status": "affected", "version": "*", "lessThan": "1.4.3-0534", "versionType": "semver"}], "defaultStatus": "affected"}], "references": [{"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_22_26", "name": "Synology_SA_22_26", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-787: Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "shortName": "synology", "dateUpdated": "2023-01-03T03:11:03.979Z"}}}, "cveMetadata": {"cveId": "CVE-2022-43931", "state": "PUBLISHED", "dateUpdated": "2025-04-10T14:37:49.685Z", "dateReserved": "2022-10-26T17:55:30.258Z", "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "datePublished": "2023-01-03T03:11:03.979Z", "assignerShortName": "synology"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synology:vpn_plus_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B9447F9-2136-4373-874A-EB22975E05A8", "versionEndExcluding": "1.4.3-0534", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:synology:router_manager:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "43088D16-C9DE-4562-A935-F0A056FAC94F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synology:vpn_plus_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "466C2C1F-6D2D-45F8-AA1D-B9A15B5A8DDE", "versionEndExcluding": "1.4.4-0635", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:synology:router_manager:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "69719ACD-229C-4685-BADB-52FB55671BD9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de escritura fuera de los l\u00edmites en la funcionalidad de escritorio remoto en Synology VPN Plus Server anterior a 1.4.3-0534 y 1.4.4-0635 permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de vectores no especificados."}], "id": "CVE-2022-43931", "lastModified": "2024-11-21T07:27:22.750", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "security@synology.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-03T04:15:09.470", "references": [{"source": "security@synology.com", "tags": ["Vendor Advisory"], "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_22_26"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_22_26"}], "sourceIdentifier": "security@synology.com", "vulnStatus": "Modified"}