CVE-2024-25659

HIGH

Nokia Transcend Network Management System - Path Traversal

Title source: rule

Description

In Infinera TNMS (Transcend Network Management System) 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows remote attacker to access files and directories outside the SFTP user home directory.

References (1)

[Third Party Advisory] https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25659

Scores

CVSS v3 7.2

EPSS 0.0067

EPSS Percentile 70.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-22

Status published

Affected Products (1)

nokia/transcend_network_management_system

Timeline

Published Oct 01, 2024

Tracked Since Feb 18, 2026