WARNING: CRITICAL VULNERABILITY IN SYNOLOGY VPN PLUS SERVER
Vulnerability CVE-2022-43931 in the Synology VPN Plus server could be exploited by a remote unauthenticated attacker. The attack does not require any user interaction and can be executed remotely without privileges.
Because this is a VPN server, the attacker can use this Remote Code Execution (RCE) vulnerability to get access to your internal network which can lead to a full compromise of your systems.
The impact on Confidentiality, Integrity and Availability is HIGH.
Synology VPN Plus Server is a virtual private network server that allows administrators to set up Synology routers as a VPN server to allow remote access to resources behind the router.
CVE-2022-43931 is a critical out-of-bounds write vulnerability in the Remote Desktop Functionality in Synology VPN Plus Server for SRM 1.3 and 1.2 before 1.4.4-0635 and 1.4.3-0534 respectively, which allows unauthenticated remote attackers to execute arbitrary commands via unspecified vectors.
The Centre for Cybersecurity Belgium recommends that system administrators patch their Synology devices to version 1.4.4-0635 or above (SRM 1.3) or 1.4.3-0534 or above (SRM 1.2).
Disconnect vulnerable devices from the internet if there is no business use case for exposing them.
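The following is an added example, not part of this advisory and not Synology's own tooling: a small Python check that compares an installed VPN Plus Server build against the fixed builds named above, using integer comparison of the version components rather than string comparison. The fixed builds and the SRM-branch mapping are the ones stated in this advisory; the device inventory at the bottom is constructed sample data, and an SRM branch the advisory does not cover is reported as "unknown" rather than assumed safe.

```python
"""Check Synology VPN Plus Server builds against the CVE-2022-43931 fixed versions.

Added example (not from the advisory or Synology). The fixed version numbers and
the SRM-branch mapping are the ones stated in the advisory; the inventory below
is constructed sample data, not real systems.
"""
import re
from typing import Dict, List, Optional, Tuple

# Fixed VPN Plus Server build per SRM branch, as stated in the advisory.
FIXED_VERSIONS: Dict[str, str] = {
    "1.3": "1.4.4-0635",
    "1.2": "1.4.3-0534",
}

# VPN Plus Server versions look like "1.4.4-0635": major.minor.patch-build.
_VPNPLUS_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")
# Only the first two components of an SRM version ("1.3", "1.3.1-0000", ...) select the branch.
_SRM_BRANCH_RE = re.compile(r"^(\d+)\.(\d+)")


def parse_vpnplus_version(version: str) -> Tuple[int, int, int, int]:
    """Turn "1.4.4-0635" into (1, 4, 4, 635) so tuple comparison orders builds correctly.

    Comparing as integers matters: a plain string compare would rank a hypothetical
    "1.4.10-0001" below "1.4.4-0635".
    """
    match = _VPNPLUS_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised VPN Plus Server version: {version!r}")
    major, minor, patch, build = (int(part) for part in match.groups())
    return (major, minor, patch, build)


def srm_branch(srm_version: str) -> str:
    """Reduce an SRM version string to its branch, e.g. "1.3.1-0000" -> "1.3"."""
    match = _SRM_BRANCH_RE.match(srm_version.strip())
    if not match:
        raise ValueError(f"unrecognised SRM version: {srm_version!r}")
    return f"{match.group(1)}.{match.group(2)}"


def is_vulnerable(srm_version: str, vpnplus_version: str) -> Optional[bool]:
    """True if the installed build predates the fix for this SRM branch,
    False if it is at or above the fix, None if the advisory names no fixed
    build for this branch (treat None as "review manually", never as safe)."""
    fixed = FIXED_VERSIONS.get(srm_branch(srm_version))
    if fixed is None:
        return None
    return parse_vpnplus_version(vpnplus_version) < parse_vpnplus_version(fixed)


def assess_inventory(devices: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Classify each device record as 'vulnerable', 'patched' or 'unknown'."""
    labels = {True: "vulnerable", False: "patched", None: "unknown"}
    return [(d["name"], labels[is_vulnerable(d["srm"], d["vpnplus"])]) for d in devices]


# Constructed sample inventory: hostnames and SRM/VPN Plus builds invented for this example.
SAMPLE_INVENTORY: List[Dict[str, str]] = [
    {"name": "router-hq",      "srm": "1.3.1-0000", "vpnplus": "1.4.3-0534"},  # below 1.4.4-0635 on SRM 1.3
    {"name": "router-site-b",  "srm": "1.3",        "vpnplus": "1.4.4-0635"},  # at the fixed build
    {"name": "router-legacy",  "srm": "1.2",        "vpnplus": "1.4.2-0000"},  # below 1.4.3-0534 on SRM 1.2
    {"name": "router-unknown", "srm": "1.1",        "vpnplus": "1.4.4-0635"},  # branch not covered by advisory
]

if __name__ == "__main__":
    for name, status in assess_inventory(SAMPLE_INVENTORY):
        print(f"{name:16} {status}")
```

Feed it the SRM and VPN Plus Server versions from each router's package list; anything reported as "vulnerable" or "unknown" should be updated or taken off the internet until it is.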
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident