SQL Injection Vulnerability in Netentsec NS-ASG Application Security Gateway
CVE-2024-5772

9.8CRITICAL

Key Information:

Vendor: Netentsec
Status: Application Security Gateway
Vendor: CVE Published:; 9 June 2024

What is CVE-2024-5772?

A significant SQL injection vulnerability has been identified in Netentsec's NS-ASG Application Security Gateway, particularly within the processing of the file /protocol/iscuser/deleteiscuser.php. This vulnerability arises when an attacker manipulates the argument 'messagecontent', enabling unauthorized SQL commands to be executed on the backend database. The implications include potential data leaks and unauthorized alterations to the data stored in the affected database. Attackers can exploit this vulnerability remotely, which raises serious concerns for users of the NS-ASG Application Security Gateway 6.3. Despite early disclosure efforts, Netentsec has not responded regarding mitigation strategies, making it imperative for users to assess and secure their systems proactively.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://vuldb.com/?id.267455

https://vuldb.com/?ctiid.267455

https://vuldb.com/?submit.348486

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 9, 2024

JSON

Netentsec

What is CVE-2024-5772?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.