CVE-2024-23811

Summary

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution.

Affected Software

VendorProductVersion RangeStatus
SiemensSINEC NMS0 < V2.0 SP1affected

Weaknesses

  • CWE-434: CWE-434: Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References