Main Vulnerability Database Vulnerabilities #VU61226

#VU61226 Improper Privilege Management in SINEC NMS - CVE-2022-25311

Published: March 10, 2022

Vulnerability identifier: #VU61226

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-25311

CWE-ID: CWE-269

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
SINEC NMS

Software vendor:
Siemens

Description

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to the affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. A local user can escalate privileges.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://cert-portal.siemens.com/productcert/pdf/ssa-250085.pdf

#VU61226 Improper Privilege Management in SINEC NMS - CVE-2022-25311

Description

Remediation

External links

Please verify you're human