Vulnerability-Lookup

CVE-2023-49694 (GCVE-0-2023-49694)

Vulnerability from cvelistv5 – Published: 2023-11-29 22:47 – Updated: 2024-08-02 22:01

Title

NETGEAR ProSAFE Network Management System Privilege Escalation Via MySQL Server

Summary

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-284 - Improper Access Control

Assigner

tenable

References

URL

	Vendor	Product	Version
	NETGEAR	NETGEAR ProSAFE Network Management System	Affected: 0 , < 1.7.0.34 (custom)

VAR-202311-2124

Vulnerability from variot - Updated: 2024-08-14 13:41

A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM. of netgear ProSAFE Network Management System Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR is a router made by the American company NETGEAR. A hardware device that connects two or more networks and acts as a gateway between the networks.

There is an access control error vulnerability in versions before NETGEAR ProSAFE Network Management System v1.7.0.26. A remote attacker could exploit this vulnerability to escalate privileges

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202311-2124",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "prosafe network management system",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "netgear",
        "version": "1.7.0.31"
      },
      {
        "model": "prosafe network management system",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
        "version": "1.7.0.31"
      },
      {
        "model": "prosafe network management system",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
        "version": null
      },
      {
        "model": "prosafe network management system",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-97497"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-026365"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49694"
      }
    ]
  },
  "cve": "CVE-2023-49694",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.1,
            "id": "CNVD-2023-97497",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2023-49694",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2023-49694",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-49694",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "vulnreport@tenable.com",
            "id": "CVE-2023-49694",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-49694",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2023-97497",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-97497"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-026365"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49694"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49694"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "\n\n\nA low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM. of netgear ProSAFE Network Management System Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR is a router made by the American company NETGEAR. A hardware device that connects two or more networks and acts as a gateway between the networks. \n\r\n\r\nThere is an access control error vulnerability in versions before NETGEAR ProSAFE Network Management System v1.7.0.26. A remote attacker could exploit this vulnerability to escalate privileges",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-49694"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-026365"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-97497"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-49694"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-49694",
        "trust": 3.3
      },
      {
        "db": "TENABLE",
        "id": "TRA-2023-39",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-026365",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-97497",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-49694",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-97497"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-49694"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-026365"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49694"
      }
    ]
  },
  "id": "VAR-202311-2124",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-97497"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-97497"
      }
    ]
  },
  "last_update_date": "2024-08-14T13:41:23.460000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for NETGEAR access control error vulnerability (CNVD-2023-9749744)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/496121"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-97497"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-284",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-026365"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49694"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://www.tenable.com/security/research/tra-2023-39"
      },
      {
        "trust": 1.9,
        "url": "https://kb.netgear.com/000065885/security-advisory-for-vertical-privilege-escalation-on-the-nms300-psv-2023-0127"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-49694"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-97497"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-49694"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-026365"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49694"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-97497"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-49694"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-026365"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49694"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-97497"
      },
      {
        "date": "2023-11-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-49694"
      },
      {
        "date": "2024-07-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-026365"
      },
      {
        "date": "2023-11-29T23:15:20.750000",
        "db": "NVD",
        "id": "CVE-2023-49694"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-97497"
      },
      {
        "date": "2023-11-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-49694"
      },
      {
        "date": "2024-07-17T01:59:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-026365"
      },
      {
        "date": "2023-12-05T01:54:34.097000",
        "db": "NVD",
        "id": "CVE-2023-49694"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "of netgear \u00a0ProSAFE\u00a0Network\u00a0Management\u00a0System\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-026365"
      }
    ],
    "trust": 0.8
  }
}

CNVD-2023-97497

Vulnerability from cnvd - Published: 2023-12-07

Title

NETGEAR访问控制错误漏洞（CNVD-2023-9749744）

Description

NETGEAR是美国网件（NETGEAR）公司的一款路由器。连接两个或多个网络的硬件设备，在网络间起网关的作用。 NETGEAR ProSAFE Network Management System v1.7.0.26之前版本存在访问控制错误漏洞，该漏洞源于低权限操作系统用户可以在Tomcat Web应用程序目录中创建任意JSP文件，然后在SYSTEM的security上下文执行JSP文件。远程攻击者可利用该漏洞进行权限升级。

Severity

中

Patch Name

NETGEAR访问控制错误漏洞（CNVD-2023-9749744）的补丁

Patch Description

Formal description

厂商已提供漏洞修复方案，请关注厂商主页更新： https://kb.netgear.com/000065885/Security-Advisory-for-Vertical-Privilege-Escalation-on-the-NMS300-PSV-2023-0127

Reference

https://nvd.nist.gov/vuln/detail/CVE-2023-49694

Impacted products

Name
NETGEAR ProSAFE Network Management System <1.7.0.31

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-49694",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-49694"
    }
  },
  "description": "NETGEAR\u662f\u7f8e\u56fd\u7f51\u4ef6\uff08NETGEAR\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u8def\u7531\u5668\u3002\u8fde\u63a5\u4e24\u4e2a\u6216\u591a\u4e2a\u7f51\u7edc\u7684\u786c\u4ef6\u8bbe\u5907\uff0c\u5728\u7f51\u7edc\u95f4\u8d77\u7f51\u5173\u7684\u4f5c\u7528\u3002\n\nNETGEAR ProSAFE Network Management System v1.7.0.26\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4f4e\u6743\u9650\u64cd\u4f5c\u7cfb\u7edf\u7528\u6237\u53ef\u4ee5\u5728Tomcat Web\u5e94\u7528\u7a0b\u5e8f\u76ee\u5f55\u4e2d\u521b\u5efa\u4efb\u610fJSP\u6587\u4ef6\uff0c\u7136\u540e\u5728SYSTEM\u7684security\u4e0a\u4e0b\u6587\u6267\u884cJSP\u6587\u4ef6\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u6743\u9650\u5347\u7ea7\u3002",
  "formalWay": "\u5382\u5546\u5df2\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://kb.netgear.com/000065885/Security-Advisory-for-Vertical-Privilege-Escalation-on-the-NMS300-PSV-2023-0127",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-97497",
  "openTime": "2023-12-07",
  "patchDescription": "NETGEAR\u662f\u7f8e\u56fd\u7f51\u4ef6\uff08NETGEAR\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u8def\u7531\u5668\u3002\u8fde\u63a5\u4e24\u4e2a\u6216\u591a\u4e2a\u7f51\u7edc\u7684\u786c\u4ef6\u8bbe\u5907\uff0c\u5728\u7f51\u7edc\u95f4\u8d77\u7f51\u5173\u7684\u4f5c\u7528\u3002\r\n\r\nNETGEAR ProSAFE Network Management System v1.7.0.26\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4f4e\u6743\u9650\u64cd\u4f5c\u7cfb\u7edf\u7528\u6237\u53ef\u4ee5\u5728Tomcat Web\u5e94\u7528\u7a0b\u5e8f\u76ee\u5f55\u4e2d\u521b\u5efa\u4efb\u610fJSP\u6587\u4ef6\uff0c\u7136\u540e\u5728SYSTEM\u7684security\u4e0a\u4e0b\u6587\u6267\u884cJSP\u6587\u4ef6\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u6743\u9650\u5347\u7ea7\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "NETGEAR\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2023-9749744\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "NETGEAR ProSAFE Network Management System \u003c1.7.0.31"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-49694",
  "serverity": "\u4e2d",
  "submitTime": "2023-12-06",
  "title": "NETGEAR\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2023-9749744\uff09"
}

GSD-2023-49694

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-49694

Aliases

CVE-2023-49694

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-49694",
    "id": "GSD-2023-49694"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-49694"
      ],
      "details": "\n\n\nA low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.\n\n\n\n",
      "id": "GSD-2023-49694",
      "modified": "2023-12-13T01:20:34.906936Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vulnreport@tenable.com",
        "ID": "CVE-2023-49694",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "NETGEAR ProSAFE Network Management System",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "0",
                          "version_value": "1.7.0.34"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "NETGEAR"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "\n\n\nA low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.\n\n\n\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-284",
                "lang": "eng",
                "value": "CWE-284: Improper Access Control"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.tenable.com/security/research/tra-2023-39",
            "refsource": "MISC",
            "url": "https://www.tenable.com/security/research/tra-2023-39"
          },
          {
            "name": "https://kb.netgear.com/000065885/Security-Advisory-for-Vertical-Privilege-Escalation-on-the-NMS300-PSV-2023-0127",
            "refsource": "MISC",
            "url": "https://kb.netgear.com/000065885/Security-Advisory-for-Vertical-Privilege-Escalation-on-the-NMS300-PSV-2023-0127"
          }
        ]
      },
      "solution": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nThe issue has been fixed in NMS300 version 1.7.0.31\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nThe issue has been fixed in NMS300 version 1.7.0.31\n\n\n"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netgear:prosafe_network_management_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.7.0.31",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vulnreport@tenable.com",
          "ID": "CVE-2023-49694"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "\n\n\nA low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.\n\n\n\n"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.tenable.com/security/research/tra-2023-39",
              "refsource": "",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "https://www.tenable.com/security/research/tra-2023-39"
            },
            {
              "name": "https://kb.netgear.com/000065885/Security-Advisory-for-Vertical-Privilege-Escalation-on-the-NMS300-PSV-2023-0127",
              "refsource": "",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://kb.netgear.com/000065885/Security-Advisory-for-Vertical-Privilege-Escalation-on-the-NMS300-PSV-2023-0127"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-12-05T01:54Z",
      "publishedDate": "2023-11-29T23:15Z"
    }
  }
}

FKIE_CVE-2023-49694

Vulnerability from fkie_nvd - Published: 2023-11-29 23:15 - Updated: 2024-11-21 08:33

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
vulnreport@tenable.com	https://kb.netgear.com/000065885/Security-Advisory-for-Vertical-Privilege-Escalation-on-the-NMS300-PSV-2023-0127	Vendor Advisory
vulnreport@tenable.com	https://www.tenable.com/security/research/tra-2023-39	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kb.netgear.com/000065885/Security-Advisory-for-Vertical-Privilege-Escalation-on-the-NMS300-PSV-2023-0127	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.tenable.com/security/research/tra-2023-39	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	netgear	prosafe_network_management_system	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netgear:prosafe_network_management_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A616F4D-0720-4399-8630-F0A017A50439",
              "versionEndExcluding": "1.7.0.31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\n\n\nA low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.\n\n\n\n"
    },
    {
      "lang": "es",
      "value": "Un usuario de sistema operativo con pocos privilegios y acceso a un host de Windows donde est\u00e1 instalado NETGEAR ProSAFE Network Management System puede crear archivos JSP arbitrarios en un directorio de aplicaci\u00f3n web Tomcat. Luego, el usuario puede ejecutar los archivos JSP bajo el contexto de seguridad de SYSTEM."
    }
  ],
  "id": "CVE-2023-49694",
  "lastModified": "2024-11-21T08:33:42.957",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "vulnreport@tenable.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-11-29T23:15:20.750",
  "references": [
    {
      "source": "vulnreport@tenable.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000065885/Security-Advisory-for-Vertical-Privilege-Escalation-on-the-NMS300-PSV-2023-0127"
    },
    {
      "source": "vulnreport@tenable.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://www.tenable.com/security/research/tra-2023-39"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000065885/Security-Advisory-for-Vertical-Privilege-Escalation-on-the-NMS300-PSV-2023-0127"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://www.tenable.com/security/research/tra-2023-39"
    }
  ],
  "sourceIdentifier": "vulnreport@tenable.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "vulnreport@tenable.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-R6CH-GXW2-7FFC

Vulnerability from github – Published: 2023-11-30 00:30 – Updated: 2023-11-30 00:30

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-49694"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-29T23:15:20Z",
    "severity": "HIGH"
  },
  "details": "\n\n\nA low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.\n\n\n\n",
  "id": "GHSA-r6ch-gxw2-7ffc",
  "modified": "2023-11-30T00:30:18Z",
  "published": "2023-11-30T00:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49694"
    },
    {
      "type": "WEB",
      "url": "https://kb.netgear.com/000065885/Security-Advisory-for-Vertical-Privilege-Escalation-on-the-NMS300-PSV-2023-0127"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/research/tra-2023-39"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-49694 (GCVE-0-2023-49694)

VAR-202311-2124

CNVD-2023-97497

GSD-2023-49694

FKIE_CVE-2023-49694

GHSA-R6CH-GXW2-7FFC

Tags

Sightings

Nomenclature