NETGEAR ProSAFE Network Management System Privilege Escalation Via MySQL Server

CVE-2023-49694

7.8HIGH

Key Information

Vendor: NETGEAR
Status: NETGEAR ProSAFE Network Management System
Vendor: CVE Published:; 29 November 2023

Summary

A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.

Affected Version(s)

NETGEAR ProSAFE Network Management System < 1.7.0.34

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability Reserved.
Nov 29, 2023
Vulnerability published.
Nov 29, 2023

Collectors

NVD DatabaseMitre Database