CVE-2023-49694

A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://kb.netgear.com/000065885/Security-Advisory-for-Vertical-Privilege-Escalation-on-the-NMS300-PSV-2023-0127	Vendor Advisory
https://www.tenable.com/security/research/tra-2023-39	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:netgear:prosafe_network_management_system:*:*:*:*:*:*:*:*

History

05 Dec 2023, 01:54

Type	Values Removed	Values Added
First Time		Netgear prosafe Network Management System Netgear
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:netgear:prosafe_network_management_system::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
References	~~() https://www.tenable.com/security/research/tra-2023-39 -~~	() https://www.tenable.com/security/research/tra-2023-39 - Exploit, Vendor Advisory
References	~~() https://kb.netgear.com/000065885/Security-Advisory-for-Vertical-Privilege-Escalation-on-the-NMS300-PSV-2023-0127 -~~	() https://kb.netgear.com/000065885/Security-Advisory-for-Vertical-Privilege-Escalation-on-the-NMS300-PSV-2023-0127 - Vendor Advisory

29 Nov 2023, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-29 23:15

Updated : 2023-12-10 15:26

NVD link : CVE-2023-49694

Mitre link : CVE-2023-49694

CVE.ORG link : CVE-2023-49694

JSON object : View

Products Affected

netgear

prosafe_network_management_system

CWE

NVD-CWE-noinfo CWE-284

Improper Access Control

{"id": "CVE-2023-49694", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "vulnreport@tenable.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-11-29T23:15:20.750", "references": [{"url": "https://kb.netgear.com/000065885/Security-Advisory-for-Vertical-Privilege-Escalation-on-the-NMS300-PSV-2023-0127", "tags": ["Vendor Advisory"], "source": "vulnreport@tenable.com"}, {"url": "https://www.tenable.com/security/research/tra-2023-39", "tags": ["Exploit", "Vendor Advisory"], "source": "vulnreport@tenable.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "vulnreport@tenable.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "\n\n\nA low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.\n\n\n\n"}, {"lang": "es", "value": "Un usuario de sistema operativo con pocos privilegios y acceso a un host de Windows donde est\u00e1 instalado NETGEAR ProSAFE Network Management System puede crear archivos JSP arbitrarios en un directorio de aplicaci\u00f3n web Tomcat. Luego, el usuario puede ejecutar los archivos JSP bajo el contexto de seguridad de SYSTEM."}], "lastModified": "2023-12-05T01:54:34.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netgear:prosafe_network_management_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A616F4D-0720-4399-8630-F0A017A50439", "versionEndExcluding": "1.7.0.31"}], "operator": "OR"}]}], "sourceIdentifier": "vulnreport@tenable.com"}