PT-2024-8109 · Unknown · Sinec Traffic Analyzer

Published: 2024-08-13 · Updated: 2024-08-17 · CVE-2024-41903

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SINEC Traffic Analyzer versions prior to V2.0
Description: The issue is related to insecure privilege management in the SINEC Traffic Analyzer, which can allow a remote attacker to modify the container's filesystem, leading to unauthorized modifications and data corruption. The affected application mounts the container's root filesystem with read and write privileges.
Recommendations: For versions prior to V2.0, update to version V2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the container's root filesystem to minimize the risk of exploitation.

Fix

Improper Privilege Management


Weakness Enumeration

Related Identifiers

BDU:2024-09637
CVE-2024-41903

Affected Products

Sinec Traffic Analyzer