CVE-2023-52950

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Sep 26, 2024
CWE ID 311

Summary

CVE-2023-52950 is a vulnerability in the login component of Synology Active Backup for Business Agent versions prior to 2.7.0-3221. The component lacks proper encryption of sensitive data, allowing adjacent man-in-the-middle attackers to capture user credentials. The vulnerability is classified as medium severity, with a high impact on confidentiality but no impact on integrity or availability. Exploitation requires an adjacent network position but no privileges or user interaction. Remediation involves updating the software to version 2.7.0-3221 or later to mitigate the risk of unauthorized credential access. For further details and guidance, organizations can refer to Synology's security advisory.
