CVE-2024-10444

CWE-295 — Improper Certificate Validation3 documents3 sources

Severity

7.5HIGH

EPSS

0.0%

top 85.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Synology Diskstation Manager (dsm)Synology Diskstation Manager

Timeline

PublishedMar 19

Description

Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows man-in-the-middle attackers to hijack the authentication of administrators via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

▶NVDsynology/diskstation_manager7.1 — 7.1.1-42962-8+2

▶CVEListV5synology/diskstation_manager_(dsm)7.2.2 — 7.2.2-72806-3+2

🔴Vulnerability Details

GHSA

GHSA-mm7h-5pr2-rrfg: Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager (DSM) before 7↗2025-03-19

▶

CVEList

CVE-2024-10444: Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager (DSM) before 7↗2025-03-19

▶