CVE-2022-49036
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk6th percentile - higher than 6% of all known CVEs
Summary
The CVE-2022-49036 vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before version 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors.
Risk Assessment
This vulnerability may lead to unauthorized access and potential system takeover by local users, posing a serious security threat to the organization.
Recommendation
It is recommended to update Synology Active Backup for Business Recovery Media Creator to version 2.5.0-2081 or later to mitigate this vulnerability.
Original NVD description (English source)
An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors.

