CVE-2022-25311

CVSS 7.3 HIGHEPSS 0.5%CWE-269

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.3EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

08 mar 2022Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C

Productos afectados

Siemens · SINEC NMS Siemens · SINEMA Server V14

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://cert-portal.siemens.com/productcert/pdf/ssa-250085.pdf