A critical security vulnerability has been identified in Synology VPN Plus servers, which were developed to transform Synology Router solutions into an advanced VPN (virtual private network) server, that could cause threat actors to execute code remotely in affected versions.
The security vulnerability tracked as CVE-2022-43931 is due to a boundary error in Remote Desktop Functionality and affects Synology VPN Plus Server versions before 1.4.3-0534 and 1.4.4-0635. The vulnerability could allow remote threat actors to execute code on the vulnerable system.
Synology Released Patch for Synology VPN Immediately
Synology fixed the vulnerability immediately after being discovered by Synology Incident Response Team (PSIRT). It had a maximum severity score of 10 out of 10.
To avoid being the target of attacks that can be carried out using vulnerabilities, it is recommended to upgrade to Synology VPN Plus Server 1.4.3-0534 or 1.4.4-0635 versions.
