Local Escalation via OS Command Injection in Synology DSM < 2022.2 SU2
CVE-2023-28129 Published on August 10, 2023

DSM 2022.2 SU2 and all prior versions allows a local low privileged account to execute arbitrary OS commands as the DSM software installation user.

NVD

Products Associated with CVE-2023-28129

Want to know whenever a new CVE is published for Ivanti Desktop Server Management? stack.watch will email you.

Ivanti Desktop Server Management

Affected Versions

Ivanti Desktop & Server Management (DSM) :

Version 2022 su2 and below 2022 su2 is unaffected.

Exploit Probability

EPSS

0.61%

Percentile

69.57%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Local Escalation via OS Command Injection in Synology DSM < 2022.2 SU2CVE-2023-28129 Published on August 10, 2023

Products Associated with CVE-2023-28129

Affected Versions

Exploit Probability

Local Escalation via OS Command Injection in Synology DSM < 2022.2 SU2
CVE-2023-28129 Published on August 10, 2023