Query Details

CVE-2024-10443 Hunting: RISK:STATION

Query

// CVE-2024-10443 Hunting: RISK:STATION

// Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution. RISK:STATION is an unauthenticated zero-click vulnerability allowing attackers to obtain root-level code execution on the popular Synology DiskStation and BeeStation NAS devices, affecting millions of devices.

// Do you know where all your corporate Synology NAS boxes are? The following Sentinel KQL scans your DeviceNetworkEvents table for the past 90 days and lists the Synology NAS QuickConnect hosts together with the Microsoft Defender for Endpoint devices that connected to them. This allows SecOps to work with Infra Ops to ensure all NAS boxes are patched.

// Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices
// Link: https://thehackernews.com/2024/11/synology-urges-patch-for-critical-zero.html

DeviceNetworkEvents
| where TimeGenerated > ago(90d)
| where ActionType == @"HttpConnectionInspected"
| extend Host = tostring(parse_json(AdditionalFields)["host"])
| where Host contains ":5001" // Synology DSM secure port
| distinct Host, DeviceName
| sort by Host desc 

Explanation

This query helps locate Synology NAS devices on a network that might be vulnerable to CVE-2024-10443, a critical flaw that could allow attackers to execute code remotely without any user interaction. It searches `DeviceNetworkEvents` for the past 90 days for inspected HTTP connections (`HttpConnectionInspected`) whose host value contains `:5001`, the port Synology's DiskStation Manager (DSM) uses for secure communications. The result is a list of unique host values and the names of the devices that connected to them, sorted in descending order by host. Port 5001 is not exclusive to Synology, so each host in the list should be confirmed as a NAS before it goes on the patch list. The output is intended to help security and infrastructure operations teams make sure every Synology NAS is identified and patched against this vulnerability.
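
A tighter variant of the hunt above, added here as an example and not part of the original query: it matches port 5001 exactly (`contains ":5001"` also matches ports such as 50010) and summarizes, per host, which onboarded devices connected and when. The column names `Port`, `FirstSeen`, `LastSeen`, `Connections`, `Devices` and `DeviceCount` are chosen for this example.

```kql
// Added example: exact port match plus a per-host summary for triage.
DeviceNetworkEvents
| where TimeGenerated > ago(90d)
| where ActionType == "HttpConnectionInspected"
// Normalize case so the same NAS is not listed twice
| extend Host = tolower(tostring(parse_json(AdditionalFields)["host"]))
// The host value is "name:port"; capture the digits after the last colon
| extend Port = toint(extract(@":(\d+)$", 1, Host))
| where Port == 5001 // Synology DSM secure port, exact match
| summarize FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated),
            Connections = count(),
            Devices = make_set(DeviceName, 50)
    by Host
| extend DeviceCount = array_length(Devices)
// Most recently contacted hosts first: these are the ones still in use
| sort by LastSeen desc
```

Hosts with a recent `LastSeen` and several connecting devices are the ones to raise with Infra Ops first; a host seen once months ago may already be decommissioned.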

Details

Steven Lim

Released: November 6, 2024

Tables

DeviceNetworkEvents

Keywords

DeviceNetworkEvents, Devices, Host, DeviceName

Operators

|, where, >, ago, ==, @, extend, tostring, parse_json, contains, //, distinct, sort by, desc