Auth Escalation via Command Injection in SINEC NMS pre-3.0
CVE-2024-41940 Published on August 13, 2024
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2024-41940
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-41940 are published in Siemens Sinec Nms:
Affected Versions
Siemens SINEC NMS:- Before V3.0 is affected.
- Before 3.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.