CVE-2024-47808

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 12, 2024
Updated: Nov 13, 2024
CWE ID 732

Summary

CVE-2024-47808 is a newly discovered vulnerability affecting SINEC NMS versions below V3.0 SP1. This issue arises from a database function in the application that fails to adequately restrict user permissions. As a result, an authenticated attacker with medium privileges can exploit this vulnerability and write arbitrary content to any location on the host system's filesystem. This poses a significant risk for data breaches and unauthorized system modifications. It is highly recommended for users to upgrade to the latest software version as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share