CVE-2024-25658

Name of the Vulnerable Software and Affected Versions Infinera TNMS Server version 19.10.3

Description The issue allows attackers with access to the database or exported configuration files to obtain SNMP users' usernames and passwords in cleartext. This occurs due to the cleartext storage of passwords in the Infinera TNMS Server.

Recommendations For version 19.10.3, consider restricting access to the database and exported configuration files to minimize the risk of exploitation. As a temporary workaround, restrict the use of SNMP until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.