CVE Catalog

CVE-2022-49036

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.02%

6th percentile - higher than 6% of all known CVEs

Summary

The CVE-2022-49036 vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before version 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors.

Risk Assessment

This vulnerability may lead to unauthorized access and potential system takeover by local users, posing a serious security threat to the organization.

Recommendation

It is recommended to update Synology Active Backup for Business Recovery Media Creator to version 2.5.0-2081 or later to mitigate this vulnerability.

Original NVD description (English source)

An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS