SQL Injection Vulnerability in Netentsec NS-ASG Application Security Gateway
CVE-2024-2647
Key Information:
- Vendor
Netentsec
- Vendor
- CVE Published:
- 19 March 2024
Badges
What is CVE-2024-2647?
A significant vulnerability has been uncovered in the Netentsec NS-ASG Application Security Gateway version 6.3, specifically related to improper handling of the loginId parameter in the /admin/singlelogin.php file. This vulnerability permits unauthorized attackers to execute SQL injection attacks, potentially allowing them to manipulate the underlying database and access sensitive information. As this vulnerability can be exploited remotely, it poses a substantial threat to the security of web applications utilizing this gateway. Despite early notification, the vendor has not responded to the disclosure, heightening concerns about available mitigations and awareness within the user community.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
NS-ASG Application Security Gateway 6.3
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved