CVE-2024-23811

CWE-434Unrestricted File Upload3 documents3 sources
Severity
8.8HIGH
EPSS
1.5%
top 18.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Siemens Sinec NMS
Timeline
PublishedFeb 13

Description

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5siemens/sinec_nms< V2.0 SP1
NVDsiemens/sinec_nms< 2.0+1

🔴Vulnerability Details

2
CVEList
CVE-2024-23811: A vulnerability has been identified in SINEC NMS (All versions < V22024-02-13
GHSA
GHSA-vmw7-gx6r-25fh: A vulnerability has been identified in SINEC NMS (All versions < V22024-02-13
CVE-2024-23811 (HIGH CVSS 8.8) | A vulnerability has been identified | cvebase.io