ID

VAR-202311-2124


CVE

CVE-2023-49694


TITLE

Vulnerability in NETGEAR ProSAFE Network Management System

Trust: 0.8

sources: JVNDB: JVNDB-2023-026365

DESCRIPTION

A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM. NETGEAR ProSAFE Network Management System contains an unspecified vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR is a router made by the American company NETGEAR, a hardware device that connects two or more networks and acts as a gateway between them. An access control error vulnerability exists in NETGEAR ProSAFE Network Management System versions before v1.7.0.26. A remote attacker could exploit this vulnerability to escalate privileges.

Trust: 2.25

sources: NVD: CVE-2023-49694 // JVNDB: JVNDB-2023-026365 // CNVD: CNVD-2023-97497 // VULMON: CVE-2023-49694

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-97497

AFFECTED PRODUCTS

vendor: netgear, model: prosafe network management system, scope: lt, version: 1.7.0.31

Trust: 1.6

vendor: ネットギア, model: prosafe network management system, scope: eq, version: 1.7.0.31

Trust: 0.8

vendor: ネットギア, model: prosafe network management system, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: prosafe network management system, scope: eq, version: -

Trust: 0.8

sources: CNVD: CNVD-2023-97497 // JVNDB: JVNDB-2023-026365 // NVD: CVE-2023-49694

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-49694
value: HIGH

Trust: 1.0

vulnreport@tenable.com: CVE-2023-49694
value: HIGH

Trust: 1.0

NVD: CVE-2023-49694
value: HIGH

Trust: 0.8

CNVD: CNVD-2023-97497
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2023-97497
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-49694
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2023-49694
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-97497 // JVNDB: JVNDB-2023-026365 // NVD: CVE-2023-49694 // NVD: CVE-2023-49694

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-284

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-026365 // NVD: CVE-2023-49694

PATCH

title: Patch for NETGEAR access control error vulnerability (CNVD-2023-9749744), url: https://www.cnvd.org.cn/patchInfo/show/496121

Trust: 0.6

sources: CNVD: CNVD-2023-97497

EXTERNAL IDS

db: NVD, id: CVE-2023-49694

Trust: 3.3

db: TENABLE, id: TRA-2023-39

Trust: 1.9

db: JVNDB, id: JVNDB-2023-026365

Trust: 0.8

db: CNVD, id: CNVD-2023-97497

Trust: 0.6

db: VULMON, id: CVE-2023-49694

Trust: 0.1

sources: CNVD: CNVD-2023-97497 // VULMON: CVE-2023-49694 // JVNDB: JVNDB-2023-026365 // NVD: CVE-2023-49694

REFERENCES

url: https://www.tenable.com/security/research/tra-2023-39

Trust: 1.9

url: https://kb.netgear.com/000065885/security-advisory-for-vertical-privilege-escalation-on-the-nms300-psv-2023-0127

Trust: 1.9

url: https://nvd.nist.gov/vuln/detail/cve-2023-49694

Trust: 1.4

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2023-97497 // VULMON: CVE-2023-49694 // JVNDB: JVNDB-2023-026365 // NVD: CVE-2023-49694

SOURCES

db: CNVD, id: CNVD-2023-97497
db: VULMON, id: CVE-2023-49694
db: JVNDB, id: JVNDB-2023-026365
db: NVD, id: CVE-2023-49694

LAST UPDATE DATE

2024-08-14T13:41:23.460000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2023-97497, date: 2023-12-14T00:00:00
db: VULMON, id: CVE-2023-49694, date: 2023-11-30T00:00:00
db: JVNDB, id: JVNDB-2023-026365, date: 2024-07-17T01:59:00
db: NVD, id: CVE-2023-49694, date: 2023-12-05T01:54:34.097

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2023-97497, date: 2023-12-07T00:00:00
db: VULMON, id: CVE-2023-49694, date: 2023-11-29T00:00:00
db: JVNDB, id: JVNDB-2023-026365, date: 2024-07-17T00:00:00
db: NVD, id: CVE-2023-49694, date: 2023-11-29T23:15:20.750