SQL Injection Vulnerability in Netentsec NS-ASG Application Security Gateway
CVE-2024-2021

9.8CRITICAL

Key Information:

Vendor: Netentsec
Status: Application Security Gateway
Vendor: CVE Published:; 1 March 2024

What is CVE-2024-2021?

A SQL injection vulnerability has been identified in the Netentsec NS-ASG Application Security Gateway version 6.3, specifically within the /admin/list_localuser.php file. The vulnerability stems from improper handling of the ResId parameter, allowing remote attackers to manipulate SQL queries. This can lead to unauthorized access, data leakage, and potential system compromise. The vulnerability has been publicly disclosed and may be actively exploited. Users are advised to implement security measures and monitor their systems for any unusual activity. It is important to note that the vendor has not yet responded to notifications regarding this issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://vuldb.com/?id.255300

https://vuldb.com/?ctiid.255300

https://github.com/dtxharry/cve/blob/main/cve.md

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 1, 2024

JSON

Netentsec

What is CVE-2024-2021?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.