Security Flaw in Netentsec NS-ASG Application Security Gateway

CVE-2024-2649

What is CVE-2024-2649?

A significant security vulnerability has been identified in the Netentsec NS-ASG Application Security Gateway version 6.3, specifically within the functionality of the file /protocol/iscdevicestatus/deleteonlineuser.php. By manipulating the 'messagecontent' parameter, attackers can execute SQL injection attacks, potentially exposing sensitive data or impacting the integrity of the database. This vulnerability can be exploited remotely, making it critical for organizations using this product to assess their risk and apply necessary mitigations. Despite prior notification to the vendor, there has been no response regarding this issue, raising concerns about user safety and product reliability. Security professionals are urged to monitor their systems closely and implement security measures to protect against possible exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References