SQL Injection Vulnerability in Netentsec Application Security Gateway
CVE-2024-2646
Key Information:
- Vendor
Netentsec
- Vendor
- CVE Published:
- 19 March 2024
Badges
What is CVE-2024-2646?
A significant vulnerability exists in the Netentsec NS-ASG Application Security Gateway 6.3, where improper handling of input in the file /vpnweb/index.php?para=index allows for a potential SQL injection. This flaw permits attackers to manipulate the 'check_VirtualSiteId' parameter, which could result in unauthorized access to sensitive information within the database. The exploit is remote, making it particularly dangerous as it can be executed from outside the affected network. As the vulnerability was disclosed publicly, it poses a serious threat to users running the affected software version. It is critical for organizations to assess their security posture and apply necessary measures immediately.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
NS-ASG Application Security Gateway 6.3
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved