Publish Time: 2018-12-18 11:58:48 UTC+8
Last Updated: 2021-09-01 14:38:08 UTC+8
Abstract
Magellan vulnerability allows remote authenticated users to conduct denial-of-service attacks or possibly execute arbitrary code via a susceptible version of Synology products.
Affected Products
Product | Severity | Fixed Release Availability |
---|---|---|
DSM 6.2 | Moderate | Upgrade to 6.2.2-24922 or above. |
DSM 6.1 | Moderate | Upgrade to 6.2.2-24922 or above. |
DSM 5.2 | Moderate | Upgrade to 6.2.2-24922 or above. |
SkyNAS | Moderate | Will not fix. |
VS960HD | Moderate | Ongoing |
SRM 1.2 | Moderate | Upgrade to 1.2.1-7779 or above. |
Active Backup | Moderate | Upgrade to DSM 6.2.2-24922 or above. |
Download Station | Moderate | Upgrade to DSM 6.2.2-24922 or above. |
Log Center | Moderate | Upgrade to DSM 6.2.2-24922 or above. |
Mail Server | Moderate | Upgrade to DSM 6.2.2-24922 or above. |
MailPlus | Moderate | Upgrade to DSM 6.2.2-24922 or above. |
MailPlus Server | Moderate | Upgrade to DSM 6.2.2-24922 or above. |
Python 3 | Moderate | Ongoing |
Surveillance Station | Moderate | Upgrade to 8.2.9-7296 or above. |
Synology Application Service | Moderate | Upgrade to DSM 6.2.2-24922 or above. |
Universal Search | Moderate | Upgrade to DSM 6.2.2-24922 or above. |
Mitigation
None
Detail
Reference
Revision
Revision | Date | Description |
---|---|---|
1 | 2018-12-18 | Initial public release. |
2 | 2018-12-22 | Disclosed vulnerability details. |
3 | 2019-12-18 | Update for DSM 6.2 is now available in Affected Products. |
4 | 2019-12-18 | Update for Active Backup is now available in Affected Products. |
5 | 2019-12-18 | Update for Download Station is now available in Affected Products. |
6 | 2019-12-18 | Update for Log Center is now available in Affected Products. |
7 | 2019-12-18 | Update for Mail Server is now available in Affected Products. |
8 | 2019-12-18 | Update for MailPlus is now available in Affected Products. |
9 | 2019-12-18 | Update for MailPlus Server is now available in Affected Products. |
10 | 2019-12-18 | Update for Synology Application Service is now available in Affected Products. |
11 | 2019-12-18 | Update for Universal Search is now available in Affected Products. |
12 | 2020-06-18 | Update for SRM 1.2 is now available in Affected Products. |
13 | 2021-05-03 | Updated Affected Products for SkyNAS which will not be fixed. |
14 | 2021-06-01 | Update for Surveillance Station is now available in Affected Products. |