CVE-2024-23811 HIGH

CVE-2024-23811

Vendor Siemens
Product SINEC NMS
Weakness CWE-434 · Unrestricted file upload
Published February 13, 2024
Last update August 27, 2024

CVSS base score

8.8/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

What the vulnerability does

01Description

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution.

Key dates

02Disclosure timeline

February 13, 2024 CVE published
August 27, 2024 Record updated