CVE-2016-10323

Опубликовано: 10 апр. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command.

Ссылки

http://seclists.org/oss-sec/2016/q1/236
Exploit
Mailing List
Third Party Advisory
https://www.synology.com/en-us/releaseNote/PhotoStation
Release Notes
Vendor Advisory
http://seclists.org/oss-sec/2016/q1/236
Exploit
Mailing List
Third Party Advisory
https://www.synology.com/en-us/releaseNote/PhotoStation
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:synology:photo_station:*:*:*:*:*:*:*:*

Версия до 6.3-2958 (исключая)

EPSS

Процентиль: 12%

0.0004

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-5pcc-783h-f9f4