CVE-2024-41940

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Aug 13, 2024

Updated: Aug 14, 2024

CWE ID 20

Summary

CVE-2024-41940 is a recently disclosed vulnerability affecting SINEC NMS versions prior to V3.0. The issue lies in the application's failure to adequately validate user input to a privileged command queue. As a result, an authenticated attacker can manipulate input and execute potentially harmful OS commands with elevated privileges. This puts sensitive data and system functionality at risk. System administrators are advised to upgrade to the latest version of SINEC NMS as soon as possible to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xNkZgn
https://www.cve.org/CVERecord?id=CVE-2024-41940
https://nvd.nist.gov/vuln/detail/CVE-2024-41940

Back to Vulnerability Database

CVE-2024-41940

CVSS 3.1 Score 9.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations