CVE-2024-36398

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Aug 13, 2024

Updated: Aug 14, 2024

CWE ID 250

Summary

CVE-2024-36398 is a newly identified cybersecurity vulnerability affecting SINEC NMS versions below V3.0. The issue lies in the way certain services within the application are executed, which run as `NT AUTHORITY\\SYSTEM`. This elevated privilege allows a local attacker to execute operating system commands, potentially leading to significant system compromise. Users of SINEC NMS are advised to upgrade to the latest version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wI9tsi
https://www.cve.org/CVERecord?id=CVE-2024-36398
https://nvd.nist.gov/vuln/detail/CVE-2024-36398

Back to Vulnerability Database

CVE-2024-36398

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations