PT-2024-8717 · Siemens · Sinec Nms

Thomas Riedmaier · Published 2024-11-12 · Updated 2024-11-13 · CVE-2024-47808

CVSS v3.1: 8.4 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SINEC NMS versions prior to V3.0 SP1

Description

A vulnerability has been identified in the affected application, which contains a database function that does not properly restrict the permissions of users to write to the filesystem of the host system. This could allow an authenticated medium-privileged attacker to write arbitrary content to any location in the filesystem of the host system. The underlying weakness is an incorrect assignment of permissions for a critical resource.

Recommendations

For versions prior to V3.0 SP1, update to the latest version immediately. As a temporary workaround, consider restricting access to the database function to minimize the risk of exploitation, and avoid using the vulnerable database function until the issue is resolved.

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

BDU:2024-10320
CVE-2024-47808

Affected Products

Sinec Nms