CVE-2023-49694 - OpenCVE

A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Netgear	Prosafe Network Management System

Configuration 1 [-]

cpe:2.3:a:netgear:prosafe_network_management_system:*:*:*:*:*:*:*:*

References

Link	Resource
https://kb.netgear.com/000065885/Security-Advisory-for-Vertical-Privilege-Escalation-on-the-NMS300-PSV-2023-0127	Vendor Advisory
https://www.tenable.com/security/research/tra-2023-39	Exploit Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: tenable

Published: 2023-11-29T22:47:42.597Z

Updated: 2023-11-29T22:47:42.597Z

Reserved: 2023-11-29T22:03:49.958Z

Link: CVE-2023-49694

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-29T23:15:20.750

Modified: 2023-12-05T01:54:34.097

Link: CVE-2023-49694

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-49694", "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "state": "PUBLISHED", "assignerShortName": "tenable", "dateReserved": "2023-11-29T22:03:49.958Z", "datePublished": "2023-11-29T22:47:42.597Z", "dateUpdated": "2023-11-29T22:47:42.597Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "NETGEAR ProSAFE Network Management System", "vendor": "NETGEAR", "versions": [{"lessThan": "1.7.0.34", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2023-11-29T22:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n\n\nA low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.\n\n\n\n"}], "value": "\n\n\nA low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable", "dateUpdated": "2023-11-29T22:47:42.597Z"}, "references": [{"url": "https://www.tenable.com/security/research/tra-2023-39"}, {"url": "https://kb.netgear.com/000065885/Security-Advisory-for-Vertical-Privilege-Escalation-on-the-NMS300-PSV-2023-0127"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nThe issue has been fixed in NMS300 version 1.7.0.31\n\n<br>"}], "value": "\nThe issue has been fixed in NMS300 version 1.7.0.31\n\n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "NETGEAR ProSAFE Network Management System Privilege Escalation Via MySQL Server", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netgear:prosafe_network_management_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A616F4D-0720-4399-8630-F0A017A50439", "versionEndExcluding": "1.7.0.31", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\n\n\nA low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.\n\n\n\n"}, {"lang": "es", "value": "Un usuario de sistema operativo con pocos privilegios y acceso a un host de Windows donde est\u00e1 instalado NETGEAR ProSAFE Network Management System puede crear archivos JSP arbitrarios en un directorio de aplicaci\u00f3n web Tomcat. Luego, el usuario puede ejecutar los archivos JSP bajo el contexto de seguridad de SYSTEM."}], "id": "CVE-2023-49694", "lastModified": "2023-12-05T01:54:34.097", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "vulnreport@tenable.com", "type": "Secondary"}]}, "published": "2023-11-29T23:15:20.750", "references": [{"source": "vulnreport@tenable.com", "tags": ["Vendor Advisory"], "url": "https://kb.netgear.com/000065885/Security-Advisory-for-Vertical-Privilege-Escalation-on-the-NMS300-PSV-2023-0127"}, {"source": "vulnreport@tenable.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://www.tenable.com/security/research/tra-2023-39"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "vulnreport@tenable.com", "type": "Secondary"}]}