NMS Vulnerability Allows Local Attacker to Execute OS Commands with Elevated Privileges
CVE-2024-36398
7.8 HIGH
Summary
A vulnerability has been discovered in the SINEC Network Management System (NMS), affecting all versions prior to V3.0. The application runs certain of its services with 'NT AUTHORITY\SYSTEM' privileges. This design flaw can allow a local attacker to execute operating system commands with elevated privileges and gain unauthorized access to critical system functionality. Addressing this vulnerability is essential to protect system integrity and prevent exploitation.
Affected Version(s)
SINEC NMS 0
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved