CVE-2024-25661

7.7 HIGH

📋 TL;DR

CVE-2024-25661 allows guest OS administrators on systems running Infinera TNMS Client 19.10.3 to extract user passwords from memory dumps due to cleartext storage. This affects organizations using Infinera's Transcend Network Management System where TNMS Client desktop applications are deployed on shared or multi-user systems.

💻 Affected Systems

Products:
  • Infinera Transcend Network Management System (TNMS) Client
Versions: 19.10.3 (specific version confirmed; other versions may be affected but not documented)
Operating Systems: Windows, Linux, Any OS running TNMS Client
Default Config Vulnerable: ⚠️ Yes
Notes: Affects desktop application memory handling; requires local OS administrator or equivalent access to read process memory.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain administrative credentials for TNMS, potentially compromising entire network management infrastructure, modifying configurations, disrupting services, or accessing sensitive network data.

🟠 Likely Case

Local attackers or malicious insiders with guest OS access steal user passwords, leading to unauthorized TNMS access, privilege escalation within the management system, and potential lateral movement.

🟢 If Mitigated

With proper access controls and memory protection, risk reduces to isolated credential theft requiring physical or administrative access to client machines.

🌐 Internet-Facing: LOW - This requires local access to client machines; the vulnerability itself doesn't expose services directly to the internet.
🏢 Internal Only: HIGH - Internal users with guest OS access on shared workstations can exploit this to steal credentials and escalate privileges within the management network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local OS administrative privileges to dump process memory; tools like Process Explorer or debuggers can be used to extract cleartext passwords.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - Check Infinera advisories

Vendor Advisory: Not provided in CVE reference

Restart Required: Yes

Instructions:

1. Contact Infinera support for patch availability.
2. Apply any available security updates to TNMS Client.
3. Restart TNMS Client applications after patching.

🔧 Temporary Workarounds

Restrict Local Administrative Access

Platform: all

Limit guest OS administrator privileges on machines running TNMS Client to prevent memory dumping.

Use Group Policy (Windows) or sudoers (Linux) to restrict administrative access

Isolate TNMS Client Workstations

Platform: all

Deploy TNMS Client on dedicated, single-user workstations with strict access controls.

🧯 If You Can't Patch

  • Implement strict access controls: Only allow trusted users with necessary privileges to access TNMS Client machines.
  • Monitor for suspicious memory dumping activities using endpoint detection tools and audit local administrative actions.

🔍 How to Verify

Check if Vulnerable:

Check TNMS Client version: If running 19.10.3, assume vulnerable. Test by running memory analysis tools (with proper authorization) to check for cleartext passwords in TNMS Client process memory.

Check Version:

Check application version in TNMS Client interface or installation directory properties.

Verify Fix Applied:

After patching, verify no cleartext passwords appear in TNMS Client memory dumps using the same testing method.
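
One way to run the before/after check described above, as an added example that is not part of the original advisory or any Infinera tooling: log in to the client with a throwaway test password, take an authorized dump of the client process, and scan the dump file for that password. The encoding list, the function names and the canary approach are assumptions of this example.

```python
import sys

# Encodings a desktop client may use for in-memory strings (assumed list).
ENCODINGS = ("utf-8", "utf-16-le", "utf-16-be")

def scan_dump(stream, canary, chunk_size=1 << 20):
    """Return sorted (offset, encoding) hits for `canary` in a binary stream.

    The dump is read in chunks; a tail of the previous window is carried
    over so a match that straddles a chunk boundary is still found.
    """
    if not canary:
        raise ValueError("canary must be a non-empty string")
    patterns = {}
    for enc in ENCODINGS:
        patterns.setdefault(canary.encode(enc), enc)
    overlap = max(len(p) for p in patterns) - 1
    hits, tail, base = set(), b"", 0  # base = file offset of window[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for pat, enc in patterns.items():
            pos = window.find(pat)
            while pos != -1:
                hits.add((base + pos, enc))
                pos = window.find(pat, pos + 1)
        tail = window[-overlap:] if overlap else b""
        base += len(window) - len(tail)
    return sorted(hits)

def verdict(hits):
    """Summarise a scan: any hit means the test password is in cleartext."""
    return "CLEARTEXT FOUND" if hits else "no cleartext canary found"

if __name__ == "__main__":
    # Usage: python scan_dump.py <dump-file> <canary-password>
    dump_path, canary = sys.argv[1], sys.argv[2]
    with open(dump_path, "rb") as fh:
        found = scan_dump(fh, canary)
    for offset, enc in found:
        print(f"0x{offset:08x}  {enc}")
    print(verdict(found))
```

A clean result only covers the encodings listed; run the same scan against a dump from the unpatched version first to confirm the method finds the canary there.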

📡 Detection & Monitoring

Log Indicators:

  • Unusual process memory access events
  • Multiple failed login attempts followed by successful logins from new locations
  • Administrative actions from unexpected user accounts

Network Indicators:

  • TNMS authentication from unexpected IP addresses
  • Unusual management traffic patterns

SIEM Query:

ProcessName="TNMS Client" AND (EventID=4688 OR EventID=4104) AND (CommandLine CONTAINS "procexp" OR CommandLine CONTAINS "windbg" OR CommandLine CONTAINS "gdb")
