SINEC NMS <V3.0 LPE via NT AUTHORITY\SYSTEM
CVE-2024-36398 Published on August 13, 2024
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application executes a subset of its services as `NT AUTHORITY\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges.
Weakness Type
Execution with Unnecessary Privileges
The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Products Associated with CVE-2024-36398
Want to know whenever a new CVE is published for Siemens Sinec Nms? stack.watch will email you.
Affected Versions
Siemens SINEC NMS:- Before V3.0 is affected.
- Before 3.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.