SQL Injection Vulnerability in Netentsec NS-ASG Application Security Gateway
CVE-2024-5590
Key Information:
- Vendor
Netentsec
- Vendor
- CVE Published:
- 3 June 2024
Badges
What is CVE-2024-5590?
A significant SQL injection vulnerability exists in the Netentsec NS-ASG Application Security Gateway version 6.3, specifically within the /protocol/iscuser/uploadiscuser.php file's JSON Content Handler component. The flaw arises when the 'messagecontent' argument is manipulated, allowing attackers to execute arbitrary SQL commands on the underlying database. This vulnerability can be exploited remotely, posing a serious risk to data integrity and confidentiality. Notably, despite early disclosures, Netentsec has not responded to inquiries concerning remediation, raising concerns about the availability of a timely fix. Organizations utilizing this product should take immediate steps to mitigate potential risks associated with this vulnerability.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
NS-ASG Application Security Gateway 6.3
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
Vulnerability published
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability Reserved