CVE-2024-41940

Name of the Vulnerable Software and Affected Versions: SINEC NMS versions prior to V3.0

Description: The issue is related to insufficient validation of user input, which could allow an authenticated attacker to execute OS commands with elevated privileges. This is due to the affected application not properly validating user input to a privileged command queue.

Recommendations: For versions prior to V3.0, update to version V3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the privileged command queue until a patch is available. Avoid using the vulnerable command queue in the affected application until the issue is resolved.