In Infinera TNMS (Transcend Network Management System) 19.10.3, cleartext storage of sensitive information in memory of the desktop application TNMS Client allows guest OS administrators to obtain various users' passwords by reading memory dumps of the desktop application.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:HNokia Transcend Network Management System
APPNokia19.10.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References
Related vulnerabilities
CVE-2024-25660CRITICAL9.0PL ✓ten sam produkt
Nieautoryzowane operacje na plikach przez WebDAV w Nokia/Infinera TNMS
CVE-2024-25659HIGH7.2ten sam produkt
In Infinera TNMS (Transcend Network Management System) 19.10.3, an insecure default configuration of the inter...
CVE-2024-25658MEDIUM6.5ten sam produkt
Cleartext storage of passwords in Infinera TNMS (Transcend Network Management System) Server 19.10.3 allows at...
CVE-2025-27019CRITICAL9.8PL ✓ten sam vendor
Nokia Infinera MTC-9: dostęp bez hasła przez usługę RSH umożliwia reverse shell
CVE-2025-27020CRITICAL9.8PL ✓ten sam vendor
Pominięcie uwierzytelnienia SSH w Nokia Infinera MTC-9 umożliwia RCE