← Volver a CVEs
CVE-2024-38878
HIGH7.2
Descripcion
A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system.
Detalles CVE
Puntuacion CVSS v3.17.2
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioNONE
Publicado8/2/2024
Ultima modificacion11/3/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
siemens:omnivise_t3000_application_server
Debilidades (CWE)
CWE-22
Referencias
https://cert-portal.siemens.com/productcert/html/ssa-857368.html(productcert@siemens.com)
http://seclists.org/fulldisclosure/2024/Nov/5(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.