CVE-2024-2645

Name of the Vulnerable Software and Affected Versions Netentsec NS-ASG Application Security Gateway version 6.3

Description A problematic issue has been found in the Netentsec NS-ASG Application Security Gateway. This issue affects an unknown part of the file "/vpnweb/resetpwd/resetpwd.php". The manipulation of the UserId argument leads to improper neutralization of data within xpath expressions. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations Netentsec NS-ASG Application Security Gateway version 6.3: Update the "/vpnweb/resetpwd/resetpwd.php" file to properly neutralize data within xpath expressions, specifically ensuring the UserId argument is handled securely to prevent remote attacks. As a temporary workaround, consider restricting access to the "/vpnweb/resetpwd/resetpwd.php" file until the issue is resolved.