A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the application (ZDI-CAN-26569).
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XSiemens Sinec Nms
APPSiemens< 4.0
Related vulnerabilities
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...
Siemens SINEC NMS — wykonanie poleceń OS z podwyższonymi uprawnieniami
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system conta...
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allow...
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass u...