Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2024-23811

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution.

  • Published: Feb 13, 2024
  • Updated: Feb 14, 2024
  • CVE: CVE-2024-23811
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

Software From Fixed in
siemens / sinec_nms - 2.0
siemens / sinec_nms 2.0 2.0.x