Lucene search

[email protected]NVD:CVE-2024-41941

HistoryAug 13, 2024 - 8:15 a.m.

CVE-2024-41941

2024-08-1308:15:15

CWE-863

[email protected]

web.nvd.nist.gov

vulnerability

sinec nms

authorization checks

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

Percentile

14.6%

JSON

A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without authorization.

Affected configurations

Nvd

Node

siemenssinec_nmsRange<3.0

VendorProductVersionCPE
siemenssinec_nms*cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	sinec_nms	*	cpe:2.3:a:siemens:sinec_nms::::::::

References

cert-portal.siemens.com/productcert/html/ssa-784301.html

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

Percentile

14.6%

JSON

Related for NVD:CVE-2024-41941

vulnrichment1 cve1 cvelist1 ics1