NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability
CVE-2023-38096

9.8CRITICAL

Key Information:

Vendor: Netgear
Status: Prosafe Network Management System
Vendor: CVE Published:; 3 May 2024

Summary

A vulnerability within the MyHandlerInterceptor class of the NETGEAR ProSAFE Network Management System facilitates authentication bypass. This flaw allows remote attackers to exploit the system without requiring any form of authentication, undermining the security posture of the system. Proper implementation measures are essential to mitigate the risk associated with this vulnerability and safeguard against potential unauthorized access.

Affected Version(s)

ProSAFE Network Management System 1.7.0.12 (Win64)

References

https://www.zerodayinitiative.com/advisories/ZDI-23-920/

x_research-advisory

https://kb.netgear.com/000065707/Security-Advisory-for-Mu...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2024
Vulnerability Reserved
Jul 12, 2023