CVE-2023-52947
Description
Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to log out the client via unspecified vectors. The backup functionality will continue to operate and will not be affected by the logout.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Local users can log out the Synology Active Backup for Business Agent client without authentication because the logout functionality has no authentication check.
Vulnerability
The vulnerability is a missing authentication check in the logout functionality of Synology Active Backup for Business Agent prior to version 2.6.3-3101. The logout function does not require any authentication, allowing any local user to trigger a client logout. The backup operations continue to run unaffected. [1]
Exploitation
An attacker needs local access to the system running the agent. No authentication or user interaction is required. The attacker can invoke the logout function via unspecified vectors (likely through a local API or UI). The exact steps are not disclosed, but the vulnerability is exploitable locally with low complexity. [1]
Impact
Successful exploitation results in the client being logged out, which may disrupt user monitoring or management but does not affect backup functionality. The CVSS score is 4.0 (Moderate) with a low availability impact. No confidentiality or integrity impact is expected. [1]
Mitigation
Synology has fixed the issue in Active Backup for Business Agent version 2.7.0-3221 and above. Users should upgrade to that version or later. No workarounds are provided. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <=2.6.3-3101
- (no CPE) range: *
Patches
No patches discovered yet.
References
- [1] www.synology.com/en-global/security/advisory/Synology_SA_24_11 (mitre, vendor-advisory)