CVE-2024-25659
HIGHNokia Transcend Network Management System - Path Traversal
Title source: ruleDescription
In Infinera TNMS (Transcend Network Management System) 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows remote attacker to access files and directories outside the SFTP user home directory.
References (1)
Core 1
Core References
Third Party Advisory
https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25659
Scores
CVSS v3
7.2
EPSS
0.0071
EPSS Percentile
48.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-22
Status
published
Products (1)
nokia/transcend_network_management_system
19.10.3
Published
Oct 01, 2024
Tracked Since
Feb 18, 2026