CVE-2024-23811
Published Feb 13, 2024
Last updated a month ago
Overview
- Description
- A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution.
- Source
- productcert@siemens.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- productcert@siemens.com
- CWE-434
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7F0A543-38E1-48B9-A984-259081E49EAA",
"versionEndExcluding": "2.0"
},
{
"criteria": "cpe:2.3:a:siemens:sinec_nms:2.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "631E4756-904C-4B57-A991-76BA59D7B901"
}
],
"operator": "OR"
}
]
}
]