CVE-2024-10445 — MEDIUM (4.3)

Q: How severe is CVE-2024-10445?

CVE-2024-10445 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-10445?

Check the references section above for vendor advisories and patch information. Affected products include: Synology Beestation Os, Synology Diskstation Manager.

Vulnerability Description

Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to write limited files via unspecified vectors.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Synology	Beestation Os	1.0
Synology	Diskstation Manager	>= 6.2, < 6.2.4-25556-8

Related Weaknesses (CWE)

CWE-295

References

https://www.synology.com/en-global/security/advisory/Synology_SA_24_20Vendor Advisory
https://www.synology.com/en-global/security/advisory/Synology_SA_24_23Vendor Advisory

FAQ

What is CVE-2024-10445?

CVE-2024-10445 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7...

How severe is CVE-2024-10445?

CVE-2024-10445 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-10445?

Check the references section above for vendor advisories and patch information. Affected products include: Synology Beestation Os, Synology Diskstation Manager.