CVE-2024-36398

Name of the Vulnerable Software and Affected Versions: SINEC NMS versions prior to V3.0

Description: A vulnerability has been identified in the affected application, which executes a subset of its services as NT AUTHORITYSYSTEM. This could allow a local attacker to execute operating system commands with elevated privileges. The issue is related to insufficient privilege separation, which may enable an attacker to execute arbitrary commands.

Recommendations: For versions prior to V3.0, update to version V3.0 or later to resolve the issue. As a temporary workaround, consider restricting the privileges of the services executed as NT AUTHORITYSYSTEM to minimize the risk of exploitation.