CVE-2024-25661

In Infinera TNMS (Transcend Network Management System) 19.10.3, cleartext storage of sensitive information in memory of the desktop application TNMS Client allows guest OS administrators to obtain various users' passwords by reading memory dumps of the desktop application.

CVSS v3 7.7 HIGH

7.7^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.1 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25661

Configurations

No configuration.

History

04 Oct 2024, 13:51

Type	Values Removed	Values Added
Summary		(es) En Infinera TNMS (Transcend Network Management System) 19.10.3, el almacenamiento de texto plano de información confidencial en la memoria de la aplicación de escritorio TNMS Client permite a los administradores del sistema operativo invitado obtener las contraseñas de varios usuarios leyendo volcados de memoria de la aplicación de escritorio.

01 Oct 2024, 15:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.7
CWE		CWE-312

01 Oct 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-01 15:15

Updated : 2024-10-04 13:51

NVD link : CVE-2024-25661

Mitre link : CVE-2024-25661

CVE.ORG link : CVE-2024-25661

JSON object : View

Products Affected

No product.

CWE

CWE-312

Cleartext Storage of Sensitive Information

7.7 /10