CVE-2024-47808 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-47808 PUBLISHED CVSS 8.399999618530273 HIGH

A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). The affected application contains a database function, that does not properly restrict the permissions of users to write to the filesystem of the host system. This could allow an authenticated medium-privileged attacker to write arbitrary content to any location in the filesystem of the host system.

EPSS 0.08% · 23.8th percentile

Risk Scores

CVSS v3.1

8.399999618530273

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:P/RL:O/RC:C

EPSS Score

0.08%

23.8th percentile

Affected Products

Vendor	Product	Versions
Siemens	SINEC NMS	0
siemens	sinec_nms	0, 3.0
siemens	sinec_nms	0

Timeline

Nov 12, 2024 Coalition ESS Score
Nov 12, 2024 CVE Published
Nov 12, 2024 PoC Published
Nov 12, 2024 PoC Published
Nov 13, 2024 EPSS Score
Nov 13, 2024 Coalition ESS Score
Nov 13, 2024 CVE Updated
Nov 14, 2024 PoC Published
Nov 30, 2024 EPSS Score
Dec 18, 2024 EPSS Score
Jan 4, 2025 EPSS Score
Jan 21, 2025 EPSS Score

References

Open in Interactive Console →