- Last update: 19/03/2025
- Affected software: Synology BeeStation Manager (BSM) before 1.1-65374; Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1; Synology Unified Controller (DSMUC) before 3.1.4-2307
- Type: Improper Encoding or Escaping of Output (CWE-116)
- CVE/CVSS: CVE-2024-10441: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
https://www.synology.com/en-global/security/advisory/Synology_SA_24_20
https://www.synology.com/en-global/security/advisory/Synology_SA_24_23
Successful exploitation of this vulnerability in various versions of Synology BeeStation Manager (BSM), Synology DiskStation Manager (DSM), and Synology Unified Controller (DSMUC), could lead to remote code execution. This may allow attackers to execute malicious commands, escalating their access and potentially compromising the entire network or connected devices.
This vulnerability has a significant impact on confidentiality, integrity, and availability.
There is no evidence that a public proof-of-concept exists. There is no evidence of active exploitation at the moment.
Improper encoding or escaping of output vulnerability in the system plugin daemon in various versions of Synology BeeStation Manager (BSM), Synology DiskStation Manager (DSM), and Synology Unified Controller (DSMUC), allows remote attackers to execute arbitrary code via unspecified vectors.
By exploiting this vulnerability, a threat actor can:
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
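Deciding which devices actually need the update means comparing each installed version against the fixed version for its release branch. The script below is an added example (not CCB or Synology code) that does this triage for the versions listed in this advisory. It assumes the version strings decompose as RELEASE-BUILD-UPDATE (for example 7.2.1-69057-6), treats a missing update number as 0, and reports a release branch the advisory does not name as "unlisted" rather than guessing; the host names and inventory entries are constructed for illustration.

```python
"""Triage helper for CVE-2024-10441 (Synology BSM / DSM / DSMUC).

Added example, not CCB or Synology code. The fixed versions below are the
ones listed in the advisory; the version-string format and the sample
inventory are assumptions constructed for illustration.
"""
from typing import Dict, List, Tuple

# Fixed versions per product, exactly as listed in the advisory.
FIXED_VERSIONS: Dict[str, List[str]] = {
    "BSM": ["1.1-65374"],
    "DSM": ["6.2.4-25556-8", "7.1.1-42962-7", "7.2-64570-4",
            "7.2.1-69057-6", "7.2.2-72806-1"],
    "DSMUC": ["3.1.4-2307"],
}

Version = Tuple[Tuple[int, ...], int, int]


def parse_version(text: str) -> Version:
    """Parse 'RELEASE-BUILD[-UPDATE]' (e.g. '7.2.1-69057-6') into
    ((7, 2, 1), 69057, 6). Assumption: this is how the advisory's strings
    decompose; a missing update number counts as 0."""
    parts = text.strip().split("-")
    if len(parts) not in (2, 3):
        raise ValueError(f"unexpected version string: {text!r}")
    release = tuple(int(p) for p in parts[0].split("."))
    build = int(parts[1])
    update = int(parts[2]) if len(parts) == 3 else 0
    return release, build, update


def assess(product: str, installed: str) -> str:
    """Classify an installed version against the advisory's fixed versions.

    'vulnerable' - same release branch with a lower build/update, or a
                   release older than every fixed version listed
    'patched'    - same release branch, build/update at or above the fix
    'unlisted'   - a release branch the advisory does not name (e.g. a
                   hypothetical DSM 7.0.x); needs a manual check
    """
    if product not in FIXED_VERSIONS:
        raise ValueError(f"unknown product: {product!r}")
    release, build, update = parse_version(installed)
    fixed = [parse_version(v) for v in FIXED_VERSIONS[product]]
    for f_release, f_build, f_update in fixed:
        if f_release == release:
            # Same branch: compare build number, then update number.
            return "patched" if (build, update) >= (f_build, f_update) else "vulnerable"
    if release < min(f[0] for f in fixed):
        # Older than every fixed release the advisory names.
        return "vulnerable"
    return "unlisted"


def triage(inventory: List[Tuple[str, str, str]]) -> Dict[str, str]:
    """Map host name -> status for a list of (host, product, version)."""
    return {host: assess(product, version) for host, product, version in inventory}


# Constructed sample inventory (host names and versions are made up).
SAMPLE_INVENTORY = [
    ("nas-01", "DSM", "7.2.1-69057-5"),   # one update behind the fix
    ("nas-02", "DSM", "7.2.1-69057-6"),   # exactly the fixed version
    ("nas-03", "DSM", "7.2-64561-1"),     # older 7.2 build
    ("nas-04", "DSM", "6.2.3-25426-3"),   # older than every listed fix
    ("nas-05", "DSM", "7.0.1-42218-1"),   # branch not named in the advisory
    ("bee-01", "BSM", "1.1-65374"),
    ("uc-01", "DSMUC", "3.1.4-2300"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:8} {status}")
```

The "unlisted" outcome is deliberate: the advisory gives fixed versions per branch, so a device on a branch it does not name should be checked against the vendor advisory rather than silently marked safe.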
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.