CVE-2024-31978

CWE-22Path Traversal3 documents3 sources
Severity
7.6HIGH
EPSS
0.2%
top 59.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Siemens Sinec NMS
Timeline
PublishedApr 9

Description

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Affected devices allow authenticated users to export monitoring data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download files from the file system. Under certain circumstances the downloaded files are deleted from the file system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:HExploitability: 2.8 | Impact: 4.7

Affected Packages1 packages

CVEListV5siemens/sinec_nms< V2.0 SP2

🔴Vulnerability Details

2
CVEList
CVE-2024-31978: A vulnerability has been identified in SINEC NMS (All versions < V22024-04-09
GHSA
GHSA-qvqf-5w2r-xjgr: A vulnerability has been identified in SINEC NMS (All versions < V22024-04-09
CVE-2024-31978 (HIGH CVSS 7.6) | A vulnerability has been identified | cvebase.io