CVE-2015-2809
Last modified
CVE-2015-2809 is a vulnerability of currently unknown severity. The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets to the Avahi component. EPSS estimates a 3.67% chance of exploitation in the next 30 days.
Description
The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets to the Avahi component.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Synology | Diskstation Manager | <= 3.0 |
References
- http://www.kb.cert.org/vuls/id/550620 (Third Party Advisory, US Government Resource)
- http://www.kb.cert.org/vuls/id/BLUU-9TLSHD (Third Party Advisory, US Government Resource)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
