Unauthorized Access to Modify Application Settings in SINEC NMS

CVE-2024-41941

4.3MEDIUM

Key Information

Vendor
Siemens
Status
Sinec Nms
Vendor
CVE Published:
13 August 2024

Summary

A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without authorization.

Affected Version(s)

SINEC NMS < 0

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.