PT-2022-17204 · Siemens · Sinec Nms+1
Published: 2022-03-08 · Updated: 2023-10-10
CVE-2022-25311
CVSS v3.1: 7.3 (High)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SINEC NMS versions 1.0.3 and later, prior to 2.0
SINEC NMS versions prior to 1.0.3
SINEMA Server V14 (all versions)
Description
The affected software does not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low-privileged user to achieve privilege escalation.
Recommendations
For SINEC NMS versions 1.0.3 and later, prior to 2.0, update to a version that properly checks privileges between users.
For SINEC NMS versions prior to 1.0.3, update to a version that properly checks privileges between users.
For SINEMA Server V14, update to a version that properly checks privileges between users.
Fix
Weakness Enumeration
Improper Privilege Management
Related Identifiers
Affected Products
Sinec Nms
Sinema Server