CVE-2024-10444
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-10444 is a newly disclosed vulnerability affecting the LDAP utilities in Synology DiskStation Manager (DSM) before versions 7.1.1-42962-8, 7.2.1-69057-7, and 7.2.2-72806-3. This issue stems from improper certificate validation, creating an opportunity for man-in-the-middle attackers to intercept and hijack administrator authentication. The precise attack vectors have yet to be disclosed, but the potential consequences could be severe, as successful exploitation could result in unauthorized access to sensitive data or system controls. Users are strongly advised to update their DSM installations to the latest patched versions as soon as possible to mitigate this risk.