SQL Injection Vulnerability in Netentsec NS-ASG Application Security Gateway
CVE-2024-2330
Key Information:
- Vendor
Netentsec
- Vendor
- CVE Published:
- 9 March 2024
Badges
What is CVE-2024-2330?
A vulnerability has been identified in the Netentsec NS-ASG Application Security Gateway version 6.3 that pertains to an SQL injection issue in the file /protocol/index.php. Specifically, the manipulation of the argument IPAddr can lead to unauthorized query execution on the database. This flaw can be exploited remotely, thereby allowing attackers to potentially gain access to sensitive information stored in the database. The vulnerability has been made public, raising the possibility of active exploitation by malicious actors. To mitigate risks, it is crucial for users to apply necessary patches or updates as soon as they become available.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
NS-ASG Application Security Gateway 6.3
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
93% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved