CVE-2024-23811

EPSS 1.55%
Veröffentlicht 13.02.2024 09:15:49
Zuletzt bearbeitet 21.11.2024 08:58:28
Quelle productcert@siemens.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Siemens ≫ Sinec Nms Version < 2.0

Siemens ≫ Sinec Nms Version2.0 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.55%	0.808

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
productcert@siemens.com	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://cert-portal.siemens.com/productcert/html/ssa-943925.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-23811

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-23811

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-23811

EUVD