SINEC NMS < V2.0 SP1: Arbitrary File Upload via TFTP RCE
CVE-2024-23811 Published on February 13, 2024
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution.
Weakness Type
What is an Unrestricted File Upload Vulnerability?
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
CVE-2024-23811 has been classified to as an Unrestricted File Upload vulnerability or weakness.
Products Associated with CVE-2024-23811
Want to know whenever a new CVE is published for Siemens Sinec Nms? stack.watch will email you.
Affected Versions
Siemens SINEC NMS:- Before V2.0 SP1 is affected.
- Before V2.0 SP1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.