Search criteria
4 vulnerabilities found for application_security_gateway_firmware by netentsec
CVE-2024-28521 (GCVE-0-2024-28521)
Vulnerability from nvd – Published: 2024-03-21 00:00 – Updated: 2024-08-28 14:28
VLAI?
Summary
SQL Injection vulnerability in Netcome NS-ASG Application Security Gateway v.6.3.1 allows a local attacker to execute arbitrary code and obtain sensitive information via a crafted script to the loginid parameter of the /singlelogin.php component.
Severity ?
7.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:56:57.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/aknbg1thub/cve/blob/main/sql.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netcome:ns-asg:6.3.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ns-asg",
"vendor": "netcome",
"versions": [
{
"status": "affected",
"version": "6.3.1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-28521",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-22T17:52:04.333013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T14:28:06.875Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in Netcome NS-ASG Application Security Gateway v.6.3.1 allows a local attacker to execute arbitrary code and obtain sensitive information via a crafted script to the loginid parameter of the /singlelogin.php component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-21T21:11:28.628146",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/aknbg1thub/cve/blob/main/sql.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-28521",
"datePublished": "2024-03-21T00:00:00",
"dateReserved": "2024-03-08T00:00:00",
"dateUpdated": "2024-08-28T14:28:06.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-7161 (GCVE-0-2023-7161)
Vulnerability from nvd – Published: 2023-12-29 08:00 – Updated: 2024-08-02 08:50
VLAI?
Title
Netentsec NS-ASG Application Security Gateway Login sql injection
Summary
A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file index.php?para=index of the component Login. The manipulation of the argument check_VirtualSiteId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249183.
Severity ?
7.3 (High)
7.3 (High)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Netentsec | NS-ASG Application Security Gateway |
Affected:
6.3.1
|
Credits
fixitc (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:50:08.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.249183"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.249183"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/fixitc/cve/blob/main/sql.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Login"
],
"product": "NS-ASG Application Security Gateway",
"vendor": "Netentsec",
"versions": [
{
"status": "affected",
"version": "6.3.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "fixitc (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file index.php?para=index of the component Login. The manipulation of the argument check_VirtualSiteId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249183."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Netentsec NS-ASG Application Security Gateway 6.3.1 entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei index.php?para=index der Komponente Login. Dank der Manipulation des Arguments check_VirtualSiteId mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T08:00:05.846Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.249183"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.249183"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/fixitc/cve/blob/main/sql.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-12-28T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-12-28T15:55:30.000Z",
"value": "VulDB entry last update"
}
],
"title": "Netentsec NS-ASG Application Security Gateway Login sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-7161",
"datePublished": "2023-12-29T08:00:05.846Z",
"dateReserved": "2023-12-28T14:49:57.264Z",
"dateUpdated": "2024-08-02T08:50:08.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28521 (GCVE-0-2024-28521)
Vulnerability from cvelistv5 – Published: 2024-03-21 00:00 – Updated: 2024-08-28 14:28
VLAI?
Summary
SQL Injection vulnerability in Netcome NS-ASG Application Security Gateway v.6.3.1 allows a local attacker to execute arbitrary code and obtain sensitive information via a crafted script to the loginid parameter of the /singlelogin.php component.
Severity ?
7.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:56:57.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/aknbg1thub/cve/blob/main/sql.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netcome:ns-asg:6.3.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ns-asg",
"vendor": "netcome",
"versions": [
{
"status": "affected",
"version": "6.3.1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-28521",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-22T17:52:04.333013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T14:28:06.875Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in Netcome NS-ASG Application Security Gateway v.6.3.1 allows a local attacker to execute arbitrary code and obtain sensitive information via a crafted script to the loginid parameter of the /singlelogin.php component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-21T21:11:28.628146",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/aknbg1thub/cve/blob/main/sql.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-28521",
"datePublished": "2024-03-21T00:00:00",
"dateReserved": "2024-03-08T00:00:00",
"dateUpdated": "2024-08-28T14:28:06.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-7161 (GCVE-0-2023-7161)
Vulnerability from cvelistv5 – Published: 2023-12-29 08:00 – Updated: 2024-08-02 08:50
VLAI?
Title
Netentsec NS-ASG Application Security Gateway Login sql injection
Summary
A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file index.php?para=index of the component Login. The manipulation of the argument check_VirtualSiteId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249183.
Severity ?
7.3 (High)
7.3 (High)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Netentsec | NS-ASG Application Security Gateway |
Affected:
6.3.1
|
Credits
fixitc (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:50:08.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.249183"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.249183"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/fixitc/cve/blob/main/sql.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Login"
],
"product": "NS-ASG Application Security Gateway",
"vendor": "Netentsec",
"versions": [
{
"status": "affected",
"version": "6.3.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "fixitc (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file index.php?para=index of the component Login. The manipulation of the argument check_VirtualSiteId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249183."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Netentsec NS-ASG Application Security Gateway 6.3.1 entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei index.php?para=index der Komponente Login. Dank der Manipulation des Arguments check_VirtualSiteId mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T08:00:05.846Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.249183"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.249183"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/fixitc/cve/blob/main/sql.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-12-28T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-12-28T15:55:30.000Z",
"value": "VulDB entry last update"
}
],
"title": "Netentsec NS-ASG Application Security Gateway Login sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-7161",
"datePublished": "2023-12-29T08:00:05.846Z",
"dateReserved": "2023-12-28T14:49:57.264Z",
"dateUpdated": "2024-08-02T08:50:08.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}