PT-2025-11653 · Synology · Synology Diskstation Manager
Chris Anastasio
+1
·
Published
2024-11-05
·
Updated
2025-11-17
·
CVE-2024-10444
CVSS v2.0
7.6
High
| Vector | AV:N/AC:H/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Synology DiskStation Manager (DSM) versions prior to 7.1.1-42962-8
Synology DiskStation Manager (DSM) versions prior to 7.2.1-69057-7
Synology DiskStation Manager (DSM) versions prior to 7.2.2-72806-3
Description
The issue is related to improper certificate validation in the LDAP utilities, allowing man-in-the-middle attackers to hijack the authentication of administrators.
Recommendations
For versions prior to 7.1.1-42962-8, update to version 7.1.1-42962-8 or later.
For versions prior to 7.2.1-69057-7, update to version 7.2.1-69057-7 or later.
For versions prior to 7.2.2-72806-3, update to version 7.2.2-72806-3 or later.
Fix
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Synology Diskstation Manager