NETGEAR ProSAFE Network Management System Privilege Escalation Via MySQL Server
CVE-2023-49694

7.8HIGH

Key Information:

Vendor: NETGEAR
Status: NETGEAR ProSAFE Network Management System
Vendor: CVE Published:; 29 November 2023

Summary

A vulnerability exists in the NETGEAR ProSAFE Network Management System, where a low-privileged OS user can gain unauthorized access and create arbitrary JSP files within the Tomcat web application directory. This allows the malicious user to execute these JSP files with the security privileges of the SYSTEM account, potentially leading to further exploitation of the system.

Affected Version(s)

NETGEAR ProSAFE Network Management System 0 < 1.7.0.34

References

https://www.tenable.com/security/research/tra-2023-39

https://kb.netgear.com/000065885/Security-Advisory-for-Ve...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 29, 2023
Vulnerability Reserved
Nov 29, 2023