CVE-2024-25659

{"id": "CVE-2024-25659", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-10-01T16:15:09.363", "references": [{"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25659", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "In Infinera TNMS (Transcend Network Management System) 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows remote attacker to access files and directories outside the SFTP user home directory."}, {"lang": "es", "value": "En Infinera TNMS (Transcend Network Management System) 19.10.3, una configuraci\u00f3n predeterminada insegura del servidor SFTP interno en servidores Linux permite a un atacante remoto acceder a archivos y directorios fuera del directorio de inicio del usuario SFTP."}], "lastModified": "2025-07-03T14:36:51.743", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nokia:transcend_network_management_system:19.10.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42FE0264-3340-4791-A36C-6054AD9CDEE2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}