Warning: CRITICAL VULNERABILITY IN NETGEAR PROSAFE NETWORK MANAGEMENT SYSTEM
CVE-2023-49693
CVSS:3.1: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2023-49694
CVSS:3.1: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Sources
- https://kb.netgear.com/000065886/Security-Advisory-for-Sensitive-Information-Disclosure-on-the-NMS300-PSV-2023-0126
- https://kb.netgear.com/000065885/Security-Advisory-for-Vertical-Privileg...
Risks
Successful exploitation of this vulnerability could allow remote code execution.
The Centre for Cyber security Belgium recommends system administrators patch vulnerable systems as soon as possible and analyze system and network logs for any suspicious activity. This report has instructions to help your organization.
If your organization has already identified an intrusion or incident, please report it via: https://cert.be/en/report-incident.
Description
Tenable has found multiple vulnerabilities in NETGER ProSAFE Network Management System (NMS300) v1.7.0.26.
Java Debug Wire Protocol (JDWP) RCE (CVE-2023-49693):
NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code.
Privilege Escalation Via MySQL Server (CVE-2023-49694):
A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.
Affected products
NETGEAR ProSAFE Network Management System is a software application for Network Management of a range of NETGEAR products. Version v1.7.0.26 is affected.
Recommended Actions
Update NETGEAR ProSAFE Network Management System to the latest version.
For the latest patches, see following vendor advisories:
- https://kb.netgear.com/000065886/Security-Advisory-for-Sensitive-Informa...
- https://kb.netgear.com/000065885/Security-Advisory-for-Vertical-Privileg...
If you have already identified an intrusion or incident, please report it via: https://cert.be/en/report-incident