CVE-2024-41938

Name of the Vulnerable Software and Affected Versions SINEC NMS versions prior to V3.0

Description A path traversal vulnerability has been identified in the importCertificate function of the SINEC NMS Control web application. This could allow an authenticated attacker to delete arbitrary certificate files on the drive where SINEC NMS is installed.

Recommendations For versions prior to V3.0, consider disabling the importCertificate function until a patch is available to prevent potential exploitation. Restrict access to the SINEC NMS Control web application to minimize the risk of arbitrary certificate file deletion. At the moment, there is no information about a newer version that contains a fix for this vulnerability.