CVE-2024-25660 Unauthorized File Operations Due to Improper Permissions in TNMS WebDAV Service
| Public disclosure | 03-06-2025 |
|---|---|
| Last updated | 03-06-2025 |
| Vulnerability type | CWE-266: Incorrect Privilege Assignment |
| CVSS vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
| CVSS score | 9 |
Description
The WebDAV service in Infinera TNMS (Transcend Network Management System) contains a vulnerability that allows a low-privileged remote attacker to perform unauthorized file operations. This flaw could potentially lead to unauthorized access and manipulation of files within the system.
Affected products and versions
All versions of TNMS up to TNMS V21.10 release.
Mitigation plan
A fix has been provided on top of TNMS V21.10 onwards.
References
Change history: Initial version published on 03-06-2025