Описание
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0 (исключая)
Одно из
cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_nms:2.0:-:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01549
Низкий
8.8 High
CVSS3
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 8.8
github
почти 2 года назад
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution.
EPSS
Процентиль: 81%
0.01549
Низкий
8.8 High
CVSS3
Дефекты
CWE-434