High severity · 7.8 · NVD Advisory · Published May 27, 2026

CVE-2023-52945

Description

Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A DLL hijacking vulnerability in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code.

Vulnerability

An uncontrolled search path element vulnerability (CWE-427) exists in the OpenSSL DLL component of Synology BeeDrive for desktop prior to version 1.3.2-13814 [1]. This allows a local attacker to place a malicious DLL in a directory that the application searches before the intended system directory, causing the application to load the attacker's code instead of the legitimate library. The vulnerability is triggered during normal operation of the affected BeeDrive software when it loads the OpenSSL DLL [1].

Exploitation

An attacker must have local access to the system and the ability to write files to a directory that is searched by the vulnerable DLL-loading process, such as the application's working directory or a directory in the PATH environment variable [1]. No special privileges or user interaction beyond normal application startup are required. The attacker places a crafted DLL with the same name as the legitimate OpenSSL DLL in the search path; when BeeDrive loads the DLL, the malicious code is executed instead. The exact attack vector is not fully disclosed in the available references [1].
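A defender-side check for the condition described above, added here as an example (not Synology's code and not taken from the advisory): it walks an ordered directory list the way a load by bare file name would, and reports every directory at or before the one that actually supplies the file where the current user can create files. The directory order is supplied by the caller, and `example_openssl.dll` is a placeholder, since the advisory does not name the file.

```python
import tempfile
from pathlib import Path

def probe_writable(directory):
    """True if the current user can create a file in directory (real write probe)."""
    try:
        with tempfile.NamedTemporaryFile(dir=directory):
            return True
    except OSError:
        return False

def audit_search_path(dll_name, search_dirs, can_write=probe_writable):
    """Resolve dll_name the way a bare-name load walks an ordered directory list.

    Returns (resolved_from, findings). findings lists every directory at or
    before the resolving one where the current user could plant or replace a file.
    """
    resolved_from, findings = None, []
    for position, directory in enumerate(search_dirs):
        d = Path(directory)
        if not d.is_dir():
            # A path entry that does not exist yet can be created by whoever
            # controls its parent.
            if d.parent.is_dir() and can_write(d.parent):
                findings.append((position, str(d), "missing, parent writable"))
            continue
        if can_write(d):
            findings.append((position, str(d), "writable"))
        names = {p.name.lower() for p in d.iterdir() if p.is_file()}
        if dll_name.lower() in names:  # Windows file names are case-insensitive
            resolved_from = str(d)
            break
    return resolved_from, findings

def demo():
    """Constructed layout: the DLL lives in 'app', but 'cwd' is searched first."""
    with tempfile.TemporaryDirectory() as root:
        cwd, app, later = (Path(root, n) for n in ("cwd", "app", "later"))
        for d in (cwd, app, later):
            d.mkdir()
        (app / "example_openssl.dll").write_bytes(b"")  # placeholder name
        order = [cwd, Path(root, "absent"), app, later]
        resolved, findings = audit_search_path("Example_OpenSSL.dll", order)
        return Path(resolved).name, [(pos, Path(p).name, why) for pos, p, why in findings]

if __name__ == "__main__":
    print(demo())
```

Any finding ahead of the resolving directory is worth closing with tighter directory permissions, independent of upgrading to 1.3.2-13814.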

Impact

Successful exploitation allows a local attacker to execute arbitrary code with the privileges of the BeeDrive application [1]. Given the CVSS v3.1 base score of 7.8 (High) with confidentiality, integrity, and availability impact all rated as High, the attacker can potentially read, modify, or destroy data and disrupt the system [1]. The attack is limited to local access and requires low privileges to initiate but yields high impact on the affected system.

Mitigation

Synology released a fix in BeeDrive for desktop version 1.3.2-13814 or above [1]. Users should upgrade to this version or later to remediate the vulnerability. The advisory notes that no workaround is available [1]. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the advisory publication date.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1
