PT-2024-2872 · Netentsec · Netentsec Ns-Asg Application Security Gateway

Nsuwyh

Published

2024-04-08

Updated

2024-05-17

CVE-2024-3456

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Netentsec NS-ASG Application Security Gateway version 6.3

Description A critical issue affects some unknown functionality of the file /admin/config Anticrack.php, where the manipulation of the GroupId argument leads to SQL injection. This can be exploited remotely. The issue is related to the lack of protection of the SQL query structure.

Recommendations For version 6.3, as a temporary workaround, consider restricting access to the /admin/config Anticrack.php file and avoiding the use of the GroupId argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

BDU:2024-03036

CVE-2024-3456

Affected Products

Netentsec Ns-Asg Application Security Gateway

PT-2024-2872 · Netentsec · Netentsec Ns-Asg Application Security Gateway

CVE-2024-3456

Weakness Enumeration

Related Identifiers

Affected Products

References · 10