4 matches found
CVE-2024-25660
CVE-2024-25660 concerns Infinera TNMS 19.10.3 where the WebDAV service can be abused by a low-privileged, remote attacker to perform unauthorized file operations. The root cause is the service executing with unnecessary privileges, enabling impact on confidentiality, integrity, and availability. ...
CVE-2024-25659
Infinera TNMS (Transcend Network Management System) version 19.10.3 is affected by an insecure default configuration of the internal SFTP server on Linux, which can allow a remote attacker to access files and directories outside the SFTP user home directory. The CVE-2024-25659 entry notes a netwo...
CVE-2024-25658
Summary : CVE-2024-25658 affects Infinera TNMS Server 19.10.3, where passwords are stored in cleartext, allowing attackers with access to the database or exported configuration files to obtain SNMP usernames and passwords. Affected product/details : Infinera Transcend Network Management System (T...
CVE-2024-25661
Infinera TNMS 19.10.3 is affected by CVE-2024-25661 due to cleartext storage of sensitive information in memory of the TNMS Client desktop app. This allows guest OS administrators to obtain user passwords by reading memory dumps. The vulnerability is local with high impact on confidentiality, int...