CVE-2023-49694
NETGEAR ProSAFE Network Management System Privilege Escalation Via MySQL Server
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.
Un usuario de sistema operativo con pocos privilegios y acceso a un host de Windows donde está instalado NETGEAR ProSAFE Network Management System puede crear archivos JSP arbitrarios en un directorio de aplicación web Tomcat. Luego, el usuario puede ejecutar los archivos JSP bajo el contexto de seguridad de SYSTEM.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-11-29 CVE Reserved
- 2023-11-29 CVE Published
- 2023-12-01 EPSS Updated
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-284: Improper Access Control
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://www.tenable.com/security/research/tra-2023-39 | 2024-08-02 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Netgear Search vendor "Netgear" | Prosafe Network Management System Search vendor "Netgear" for product "Prosafe Network Management System" | < 1.7.0.31 Search vendor "Netgear" for product "Prosafe Network Management System" and version " < 1.7.0.31" | - |
Affected
|