CVE-2022-27615

7.7 HIGH

📋 TL;DR

This path traversal vulnerability in Synology DNS Server allows authenticated remote attackers to delete arbitrary files on the system. It affects Synology DNS Server versions before 2.2.2-5027. Attackers need valid credentials to exploit this vulnerability.

💻 Affected Systems

Products:
  • Synology DNS Server
Versions: before 2.2.2-5027
Operating Systems: Synology DSM
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the DNS Server web interface or API.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through deletion of critical system files, leading to service disruption, data loss, or privilege escalation.

🟠 Likely Case

Targeted deletion of configuration files, logs, or application data causing service disruption or data loss.

🟢 If Mitigated

Limited impact due to proper access controls and file permissions restricting what authenticated users can delete.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access, but path traversal vulnerabilities are typically straightforward to exploit once vectors are identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.2.2-5027 and later

Vendor Advisory: https://www.synology.com/security/advisory/Synology_SA_20_27

Restart Required: Yes

Instructions:

1. Log into DSM as administrator.
2. Open Package Center.
3. Find Synology DNS Server.
4. Click Update if available.
5. Alternatively, download the latest version from Synology's website and manually install.

🔧 Temporary Workarounds

Restrict DNS Server Access

Limit access to the DNS Server interface to trusted networks only.

Implement Strong Authentication

Enforce strong passwords and consider multi-factor authentication for DNS Server administrators.

🧯 If You Can't Patch

  • Restrict DNS Server web interface access to specific IP addresses or VLANs only.
  • Implement strict file permissions and monitor for unauthorized file deletion attempts.

🔍 How to Verify

Check if Vulnerable:

Check the installed version of Synology DNS Server in Package Center or via command line: synopkg version DNS_Server

Check Version:

synopkg version DNS_Server

Verify Fix Applied:

Verify the installed version is 2.2.2-5027 or later in Package Center or via command line.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file deletion events in system logs
  • Multiple failed authentication attempts followed by successful login and file operations

Network Indicators:

  • Unusual HTTP requests to DNS Server CGI endpoints with path traversal patterns

SIEM Query:

source="synology_dns" AND (event="file_delete" OR uri="*../*")
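
Added example (not part of the original advisory or Synology's code): a Python sketch of the network indicator above that scans access-log lines for ".." path segments after repeated percent-decoding, which a literal match on "../" misses. The log format, the sample lines and the /example/dns.cgi path are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in a common access-log layout (assumption); the
# endpoint /example/dns.cgi is a placeholder, not a real DNS Server URL.
SAMPLE_LOG = """\
192.0.2.10 - admin [12/Jul/2022:10:01:02 +0000] "GET /example/dns.cgi?action=list HTTP/1.1" 200 512
192.0.2.44 - user1 [12/Jul/2022:10:03:17 +0000] "POST /example/dns.cgi?file=../../placeholder HTTP/1.1" 200 64
192.0.2.44 - user1 [12/Jul/2022:10:03:20 +0000] "POST /example/dns.cgi?file=%2e%2e%2fplaceholder HTTP/1.1" 200 64
192.0.2.44 - user1 [12/Jul/2022:10:03:25 +0000] "POST /example/dns.cgi?file=%252e%252e%255cplaceholder HTTP/1.1" 200 64
192.0.2.10 - admin [12/Jul/2022:10:05:00 +0000] "GET /example/zone..backup.cgi HTTP/1.1" 200 128
"""

# source, user, timestamp, method, URI, status
LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# ".." only counts when it is a whole segment bounded by a separator.
TRAVERSAL_RE = re.compile(r'(?:^|[/\\=?&])\.\.(?:[/\\]|$)')

def fully_decode(uri, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def find_traversal(log_text):
    """Return one dict per request whose decoded URI has a '..' segment."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than guess
        src, user, ts, method, uri, status = m.groups()
        if TRAVERSAL_RE.search(fully_decode(uri)):
            hits.append({"src": src, "user": user, "time": ts,
                         "method": method, "uri": uri, "status": int(status)})
    return hits

if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print(hit)
```

Correlate the flagged user and source address with the file-deletion log indicators above before treating a hit as an incident.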
