CVE-2024-25658

{"id": "CVE-2024-25658", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2024-10-01T15:15:07.640", "references": [{"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25658", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "Cleartext storage of passwords in Infinera TNMS (Transcend Network Management System) Server 19.10.3 allows attackers (with access to the database or exported configuration files) to obtain SNMP users' usernames and passwords in cleartext."}, {"lang": "es", "value": "El almacenamiento de contrase\u00f1as en texto plano en Infinera TNMS (Transcend Network Management System) Server 19.10.3 permite a los atacantes (con acceso a la base de datos o a los archivos de configuraci\u00f3n exportados) obtener los nombres de usuario y las contrase\u00f1as de los usuarios de SNMP en texto plano."}], "lastModified": "2025-07-10T21:02:14.660", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nokia:transcend_network_management_system:19.10.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42FE0264-3340-4791-A36C-6054AD9CDEE2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}