Cyber Posture

CVE-2024-10444

Severity: High
Published: 19 March 2025
Modified: 17 November 2025
KEV Added: not listed
Patch: available (see vendor advisory below)
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0027 (49.9th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-10444 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in Synology DiskStation Manager (DSM). Its CVSS v3.1 base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). The CVE ranks at the 49.9th percentile by EPSS exploit likelihood (just below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-17 (Public Key Infrastructure Certificates) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Adversary-in-the-Middle (T1557). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SC-17 Public Key Infrastructure Certificates (prevent)
Directly requires the establishment, management, and validation of PKI certificates, mitigating the improper certificate validation in the LDAP utilities that enables MITM attacks.

SI-2 Flaw Remediation (prevent)
Mandates timely flaw remediation, including installation of the vendor patches that fix this improper certificate validation vulnerability in the Synology DSM LDAP utilities.

SC-8 Transmission Confidentiality and Integrity (prevent)
Requires cryptographic mechanisms to protect transmission confidentiality and integrity over networks, reducing MITM risk during LDAP-based administrator authentication.

MITRE ATT&CK Enterprise Techniques

T1557 Adversary-in-the-Middle Credential Access
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.

Why these techniques?

The improper certificate validation in the LDAP utilities directly enables an attacker positioned on the network path to intercept and hijack administrator authentication sessions, which is the core of the AiTM technique.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows man-in-the-middle attackers to hijack the authentication of administrators via unspecified vectors.

Deeper analysis

CVE-2024-10444 is an improper certificate validation vulnerability (CWE-295) affecting the LDAP utilities in Synology DiskStation Manager (DSM) versions prior to 7.1.1-42962-8, 7.2.1-69057-7, and 7.2.2-72806-3. This flaw enables man-in-the-middle (MITM) attackers to hijack administrator authentication through unspecified vectors, as disclosed on March 19, 2025. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high potential impact on confidentiality, integrity, and availability.

The CVSS vector reflects a network attack vector (the attacker must hold an interception position between the administrator and the LDAP server), high attack complexity, no privileges required, and user interaction, such as an administrator triggering the vulnerable LDAP operation. Successful exploitation lets an attacker impersonate an administrator, potentially granting unauthorized access to DSM administrative functions and compromising the DiskStation as a whole.

Synology's security advisory (Synology_SA_25_01) details the issue and recommends updating to DSM 7.1.1-42962-8, 7.2.1-69057-7, or 7.2.2-72806-3, or later, to mitigate the vulnerability by addressing the certificate validation flaw in LDAP utilities.
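As an added example (not from this page's publisher or from Synology), the following Python checks an inventory of DSM version strings against the three fixed releases named in the advisory text above. The branch-to-fix mapping is derived from the affected ranges listed on this page, and the hostnames and version strings in the sample inventory are constructed.

```python
import re
from typing import Tuple

# Fixed DSM releases named in the advisory text above, keyed by release branch.
# A version in one of these branches that sorts below its fix is affected;
# branches this page does not list (for example 7.2.0) get no verdict.
FIXED_BY_BRANCH = {
    (7, 1): "7.1.1-42962-8",
    (7, 2, 1): "7.2.1-69057-7",
    (7, 2, 2): "7.2.2-72806-3",
}

# major.minor[.patch][-build][-update], e.g. 7.2.1-69057-7
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-(\d+))?(?:-(\d+))?$")

def parse_dsm_version(version: str) -> Tuple[int, int, int, int, int]:
    """Turn '7.2.1-69057-7' into (7, 2, 1, 69057, 7) for tuple comparison.

    A missing patch, build or update component counts as 0, so
    '7.2.2-72806' (no update) sorts below '7.2.2-72806-3'.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised DSM version string: {version!r}")
    dotted = [int(p) for p in m.group(1).split(".")]
    dotted = (dotted + [0, 0, 0])[:3]
    build, update = int(m.group(2) or 0), int(m.group(3) or 0)
    return (dotted[0], dotted[1], dotted[2], build, update)

def cve_2024_10444_status(version: str) -> str:
    """Return 'vulnerable', 'fixed' or 'unlisted' for one DSM version string."""
    v = parse_dsm_version(version)
    # Longest branch prefix wins, so 7.2.1 and 7.2.2 match before any shorter prefix.
    for branch in sorted(FIXED_BY_BRANCH, key=len, reverse=True):
        if v[: len(branch)] == branch:
            fixed = parse_dsm_version(FIXED_BY_BRANCH[branch])
            return "fixed" if v >= fixed else "vulnerable"
    return "unlisted"

if __name__ == "__main__":
    # Constructed sample inventory; hostnames and version strings are made up.
    inventory = {"nas-01": "7.1.1-42962-6", "nas-02": "7.2.1-69057-7",
                 "nas-03": "7.2.2-72806", "nas-04": "7.2.0-64570-3"}
    for host, ver in inventory.items():
        print(f"{host}: DSM {ver} -> {cve_2024_10444_status(ver)}")
```

A version in a branch the advisory does not name is reported as "unlisted" rather than guessed at; confirm those against the vendor advisory directly.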

Details

CWE(s): CWE-295 Improper Certificate Validation

Affected Products

Synology DiskStation Manager (synology / diskstation manager):
  7.1 up to (but not including) 7.1.1-42962-8
  7.2.1-69057 up to (but not including) 7.2.1-69057-7
  7.2.2 up to (but not including) 7.2.2-72806-3

CVEs Like This One

CVE-2024-45538 (same product: Synology DiskStation Manager)
CVE-2024-10441 (same product: Synology DiskStation Manager)
CVE-2024-50394 (same product class: NAS / storage appliance)
CVE-2024-11131 (same product class: NAS / storage appliance)
CVE-2026-3091 (same product class: NAS / storage appliance)
CVE-2024-50630 (same product class: NAS / storage appliance)
CVE-2024-50631 (same product class: NAS / storage appliance)
CVE-2025-30277 (same product class: NAS / storage appliance)
CVE-2024-10442 (same product: Synology DiskStation Manager)
CVE-2025-30278 (same product class: NAS / storage appliance)
