exploitDog

CVE-2024-41938

Опубликовано: 13 авг. 2024

Источник: nvd

CVSS3: 5.5

CVSS3: 3.8

EPSS Низкий

Описание

A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on.

Ссылки

https://cert-portal.siemens.com/productcert/html/ssa-784301.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*

Версия до 3.0 (исключая)

EPSS

Процентиль: 37%

0.00157

Низкий

5.5 Medium

CVSS3

3.8 Low

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-jv74-c838-vcpf

CVSS3: 5.5

github

больше 1 года назад

A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on.

EPSS

Процентиль: 37%

0.00157

Низкий

5.5 Medium

CVSS3

3.8 Low

CVSS3

Дефекты

CWE-22