Arbitrary Command Execution via Firmware Container Import in SINEC NMS

Arbitrary Command Execution via Firmware Container Import in SINEC NMS

CVE-2021-33729 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker that is able to import firmware containers to an affected system could execute arbitrary commands in the local database.

Learn more about our Web Application Penetration Testing UK.