In Infinera TNMS (Transcend Network Management System) 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows remote attacker to access files and directories outside the SFTP user home directory.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HNokia Transcend Network Management System
APPNokia19.10.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References
Related vulnerabilities
CVE-2024-25660CRITICAL9.0PL ✓ten sam produkt
Nieautoryzowane operacje na plikach przez WebDAV w Nokia/Infinera TNMS
CVE-2024-25661HIGH7.7ten sam produkt
In Infinera TNMS (Transcend Network Management System) 19.10.3, cleartext storage of sensitive information in ...
CVE-2024-25658MEDIUM6.5ten sam produkt
Cleartext storage of passwords in Infinera TNMS (Transcend Network Management System) Server 19.10.3 allows at...
CVE-2025-27019CRITICAL9.8PL ✓ten sam vendor
Nokia Infinera MTC-9: dostęp bez hasła przez usługę RSH umożliwia reverse shell
CVE-2025-27020CRITICAL9.8PL ✓ten sam vendor
Pominięcie uwierzytelnienia SSH w Nokia Infinera MTC-9 umożliwia RCE