Lucene search

[email protected]NVD:CVE-2024-41939

HistoryAug 13, 2024 - 8:15 a.m.

CVE-2024-41939

2024-08-1308:15:14

CWE-863

[email protected]

web.nvd.nist.gov

sinec nms

authorization checks

privilege elevation

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

18.9%

JSON

A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application.

Affected configurations

Nvd

Node

siemenssinec_nmsRange<3.0

VendorProductVersionCPE
siemenssinec_nms*cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	sinec_nms	*	cpe:2.3:a:siemens:sinec_nms::::::::

References

cert-portal.siemens.com/productcert/html/ssa-784301.html

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

18.9%

JSON

Related for NVD:CVE-2024-41939

cvelist1 vulnrichment1 cve1 ics1