4.3

CVE-2024-10445

Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to write limited files via unspecified vectors.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorSynology
Product DiskStation Manager (DSM)
Default Statusaffected
Version < 7.2.2-72806-1
Version 7.2.2
Status affected
Version < 7.2.1-69057-6
Version 7.2.1
Status affected
Version < 7.2-64570-4
Version 7.2
Status affected
Version < 7.1.1-42962-7
Version 7.1
Status affected
Version < 6.2.4-25556-8
Version 6.2
Status affected
Version < 6.2
Version 0
Status unknown
VendorSynology
Product BeeStation OS (BSM)
Default Statusaffected
Version < 1.1-65374
Version 1.1
Status affected
Version < 1.1-65374
Version 1.0
Status affected
Version < 1.0
Version 0
Status unknown
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.02% 0.046
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
security@synology.com 4.3 2.8 1.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.