CVE-2024-31978: Path Traversal
First published: Tue Apr 09 2024(Updated: )
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Affected devices allow authenticated users to export monitoring data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download files from the file system. Under certain circumstances the downloaded files are deleted from the file system.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens SINEC NMS SP1 Update 1 | <2.0 SP2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-31978?
CVE-2024-31978 is considered a high-severity vulnerability due to its potential to expose sensitive files on the system.
How do I fix CVE-2024-31978?
To fix CVE-2024-31978, update SINEC NMS to version 2.0 SP2 or later to mitigate the path traversal issue.
Who is affected by CVE-2024-31978?
CVE-2024-31978 affects all versions of SINEC NMS that are below version 2.0 SP2.
What type of attack does CVE-2024-31978 facilitate?
CVE-2024-31978 facilitates authenticated path traversal attacks, allowing attackers to download files from the file system.
Is authentication required to exploit CVE-2024-31978?
Yes, an authenticated user is required to exploit CVE-2024-31978, which increases the risk if user credentials are compromised.
- agent/references
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/author
- agent/severity
- agent/event
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/siemens
- canonical/siemens sinec nms sp1 update 1