[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":4,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":11,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":17,"vulnerability-12325":24},[],["Island",5],{"key":6,"params":7,"result":9},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":8},"{}",{"head":10},{},["Island",12],{"key":13,"params":14,"result":15},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":8},{"head":16},{},["Island",18],{"key":19,"params":20,"result":22},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":21},"{\"text-color\":\"gray\"}",{"head":23},{},{"id":25,"detectable_with":26,"vuln_details":33,"vuln_id":51,"name":52,"published":53,"updated":34},12325,{"tool":27,"engine":30},{"id":28,"name":29},1,"Network Scanner",{"id":31,"name":32},3,"OpenVAS",{"id":25,"codename":34,"description":34,"severity":35,"risk_description":36,"public_description":37,"public_recommendation":38,"recommendation":34,"references":39,"cvssv3":41,"epss_score":42,"epss_percentile":43,"cve":44,"in_cisa_catalog":49,"date":50,"software_type":34,"vendor":34,"product":34,"ptt_exploit_capabilities":34},null,"medium","The following vulnerabilities exist / mitigation was done: - CVE-2022-27624: A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. - CVE-2022-27625: A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. - CVE-2022-27626: A vulnerability regarding concurrent execution using shared resource with improper synchronization (Race Condition) is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. - CVE-2022-3576: A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors.","Multiple Synology NAS devices running DiskStation Manager (DSM) are prone to multiple vulnerabilities.","Update to firmware version 7.1.1-42962-2 or later.",[40],"https://www.synology.com/en-global/security/advisory/Synology_SA_22_17",5.3,0.01385,0.8028,[45,46,47,48],"CVE-2022-27624","CVE-2022-27625","CVE-2022-27626","CVE-2022-3576",false,"2022-10-20T00:00:00Z","NETSCAN-OPENVAS-1.3.6.1.4.1.25623.1.0.170224","Synology DiskStation Manager (DSM) \u003C 7.1.1-42962-2 Multiple Vulnerabilities (Synology-SA-22:17) - Remote Known Vulnerable Versions Check","2022-11-14T00:00:00Z"]