WARNING: CRITICAL REMOTE CODE EXECUTION VULNERABILITY IN SYNOLOGY PHOTOS AND BEEPHOTOS, PATCH IMMEDIATELY!
CVE-2024-10443: CVSS 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Sources
Synology: https://www.synology.com/en-us/security/advisory/Synology_SA_24_19
Synology: https://www.synology.com/en-us/security/advisory/Synology_SA_24_18
Risks
An unauthenticated remote code execution vulnerability was found in the Synology Photos and BeePhotos apps. This vulnerability could allow an attacker to compromise your NAS device by running malicious code as root. This CVE was dubbed RISK:STATION by the researchers.
A compromised NAS device can be used to steal your data, pivot deeper into your network, and deploy ransomware. Historically, ransomware actors have targeted these kinds of devices because they are ideal targets for data exfiltration and encryption.
Description
The details of the vulnerability are still under embargo. This advisory will be updated when we have more detailed information.
Recommended actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Update to the following versions:
- BeePhotos for BeeStation OS 1.1: Upgrade to 1.1.0-10053 or above
- BeePhotos for BeeStation OS 1.0: Upgrade to 1.0.2-10026 or above
- Synology Photos 1.7 for DSM 7.2: Upgrade to 1.7.0-0795 or above
- Synology Photos 1.6 for DSM 7.2: Upgrade to 1.6.2-0720 or above
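To check an installed package against the fixed versions listed above, the following Python snippet (an added example, not code from the CCB or Synology) parses the "MAJOR.MINOR.PATCH-BUILD" version string numerically, so that a build number such as 10053 is not mistakenly ranked below 0795 by a plain string comparison. It assumes the version can be read from a key="value" style package INFO file (a constructed sample is embedded; the real file location on DSM is an assumption and should be verified on the device).

```python
import re

# Minimum fixed versions from this advisory, keyed by (package, release line).
FIXED_VERSIONS = {
    ("BeePhotos", "1.1"): "1.1.0-10053",
    ("BeePhotos", "1.0"): "1.0.2-10026",
    ("SynologyPhotos", "1.7"): "1.7.0-0795",
    ("SynologyPhotos", "1.6"): "1.6.2-0720",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(ver):
    """Turn 'MAJOR.MINOR.PATCH-BUILD' into a tuple of ints for correct ordering."""
    m = _VERSION_RE.match(ver.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {ver!r}")
    return tuple(int(x) for x in m.groups())


def parse_info(text):
    """Extract the version= value from key="value" lines (assumed INFO file format)."""
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "version":
            return value.strip().strip('"')
    raise ValueError("no version= line found")


def assess(package, installed):
    """Return (status, fixed_version).

    status is 'patched', 'vulnerable', or 'unknown-line' when the installed
    release line is not covered by the advisory and needs manual review.
    """
    v = parse_version(installed)
    line = f"{v[0]}.{v[1]}"
    fixed = FIXED_VERSIONS.get((package, line))
    if fixed is None:
        return ("unknown-line", None)
    status = "patched" if v >= parse_version(fixed) else "vulnerable"
    return (status, fixed)


# Constructed sample INFO contents (not taken from a real device).
SAMPLE_INFO = 'package="SynologyPhotos"\nversion="1.6.1-0700"\narch="noarch"\n'

if __name__ == "__main__":
    installed = parse_info(SAMPLE_INFO)
    status, fixed = assess("SynologyPhotos", installed)
    print(f"SynologyPhotos {installed}: {status} (fixed in {fixed})")
```

The check only answers "is this build at or above the fixed build"; it says nothing about whether the device was already compromised, which is why the monitoring guidance below still applies after patching.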
Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate a prior compromise.
References
Bleeping Computer: https://www.bleepingcomputer.com/news/security/synology-fixed-two-critical-zero-days-exploited-at-pwn2own-within-days/
MidnightBlue: https://www.midnightblue.nl/research/riskstation