PT-2024-21078 · Infinera · Infinera Tnms

Published

2024-10-01

Updated

2024-10-04

CVE-2024-25661

CVSS v3.1

7.7

High

Vector

AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Infinera TNMS version 19.10.3

Description The issue concerns the cleartext storage of sensitive information in the memory of the desktop application TNMS Client. This allows guest OS administrators to obtain various users' passwords by reading memory dumps of the desktop application.

Recommendations For Infinera TNMS version 19.10.3, consider restricting access to the TNMS Client desktop application to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the privileges of guest OS administrators to prevent them from reading memory dumps of the desktop application. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

CVE-2024-25661

Affected Products

Infinera Tnms

PT-2024-21078 · Infinera · Infinera Tnms

CVE-2024-25661

Weakness Enumeration

Related Identifiers

Affected Products

References · 6