Sinec Nms
CVE-2021-33724
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system contains an Arbitrary File Deletion vulnerability that possibly allows to delete an arbitrary file or directory under a user controlled path.
AnalysisAI
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system contains an Arbitrary File Deletion vulnerability that possibly allows to delete an arbitrary file or directory under a user controlled path. Affected products include: Siemens Sinec Nms.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.4.4
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could
A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint tha
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). Rated critical severity (CVSS 9.8), this vul
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. Rated critical severity (CVSS 9.8),
A vulnerability has been identified in SINEC NMS (All versions < V3.0). Rated critical severity (CVSS 9.4), this vulnera
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated critical severity (CVSS 9.1),
A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly valid
A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly valid
A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vulnerable to SQL injec
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). Rated high severity (CVSS 8.8), this vulnera
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). Rated high severity (CVSS 8.8), this vulnera
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today