HIGH🇵🇱 Wersja polska

CVE-2024-25659

CVSS 7.2v3.1pub. 2024-10-01upd. 2025-07-03

In Infinera TNMS (Transcend Network Management System) 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows remote attacker to access files and directories outside the SFTP user home directory.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Nokia Transcend Network Management System

    APP
    Nokia
    19.10.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2024-25660CRITICAL9.0PL ✓ten sam produkt

Nieautoryzowane operacje na plikach przez WebDAV w Nokia/Infinera TNMS

CVE-2024-25661HIGH7.7ten sam produkt

In Infinera TNMS (Transcend Network Management System) 19.10.3, cleartext storage of sensitive information in ...

CVE-2024-25658MEDIUM6.5ten sam produkt

Cleartext storage of passwords in Infinera TNMS (Transcend Network Management System) Server 19.10.3 allows at...

CVE-2025-27019CRITICAL9.8PL ✓ten sam vendor

Nokia Infinera MTC-9: dostęp bez hasła przez usługę RSH umożliwia reverse shell

CVE-2025-27020CRITICAL9.8PL ✓ten sam vendor

Pominięcie uwierzytelnienia SSH w Nokia Infinera MTC-9 umożliwia RCE