Privilege Escalation Vulnerability in Enigma NMS 65.0.0 and Prior

CVE-2019-16071 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Enigma NMS 65.0.0 and prior allows administrative users to create low-privileged accounts that do not have the ability to modify any settings in the system, only view the components. However, it is possible for a low-privileged user to perform all actions as an administrator by bypassing authorization controls and sending requests to the server in the context of an administrator.
