Warning: CRITICAL VULNERABILITY IN NETGEAR PROSAFE NETWORK MANAGEMENT SYSTEM

Reference: Advisory #2023-145
Version: 1.0
Affected software: NETGEAR ProSAFE Network Management System (NMS300)
Type: Missing Authentication for Critical Function & Improper Access Control
CVE/CVSS:
CVE-2023-49693: CVSS v3.1 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2023-49694: CVSS v3.1 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Risks

Successful exploitation of these vulnerabilities could allow remote code execution (CVE-2023-49693) or local privilege escalation to SYSTEM (CVE-2023-49694).

The Centre for Cyber Security Belgium recommends that system administrators patch vulnerable systems as soon as possible and analyze system and network logs for any suspicious activity. This report contains instructions to help your organization.

If your organization has already identified an intrusion or incident, please report it via: https://cert.be/en/report-incident.

Description

Tenable has found multiple vulnerabilities in NETGEAR ProSAFE Network Management System (NMS300) v1.7.0.26.

Java Debug Wire Protocol (JDWP) RCE (CVE-2023-49693):

NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code.
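The advisory asks administrators to check logs for suspicious activity. The following added example (written for this page, not code from NETGEAR, Tenable or the CCB) shows two checks a defender can run on an NMS300 host: parsing Windows Firewall log lines (pfirewall.log W3C format) for allowed inbound connections to port 11611 from non-loopback sources, and parsing `netstat -ano` output to see whether the JDWP port is bound to a non-loopback address. The port number comes from the advisory; the log lines, netstat output and addresses are constructed sample data.

```python
import ipaddress

JDWP_PORT = 11611  # JDWP listener port named in the advisory for NMS300

# Constructed sample of Windows Firewall log lines (pfirewall.log, W3C format).
# The #Fields header defines the column order used by the parser below.
SAMPLE_FIREWALL_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2023-12-05 10:15:01 ALLOW TCP 127.0.0.1 127.0.0.1 52344 11611 0 - 0 0 0 - - - RECEIVE
2023-12-05 10:15:07 ALLOW TCP 203.0.113.45 192.0.2.10 40122 11611 0 - 0 0 0 - - - RECEIVE
2023-12-05 10:15:09 ALLOW TCP 192.0.2.33 192.0.2.10 51000 8080 0 - 0 0 0 - - - RECEIVE
2023-12-05 10:15:12 DROP TCP 198.51.100.7 192.0.2.10 44321 11611 0 - 0 0 0 - - - RECEIVE
"""

# Constructed sample of `netstat -ano` output on the NMS300 host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       2312
  TCP    0.0.0.0:11611          0.0.0.0:0              LISTENING       2312
  TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING       1984
"""


def parse_firewall_log(text):
    """Yield one dict per data line, with keys taken from the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        parts = line.split()
        if len(parts) < len(fields):
            continue  # truncated line; skip rather than misalign columns
        yield dict(zip(fields, parts))


def find_remote_jdwp_connections(text, port=JDWP_PORT):
    """Return ALLOWed TCP records to the JDWP port whose source is not loopback."""
    hits = []
    for rec in parse_firewall_log(text):
        if rec["action"] != "ALLOW" or rec["protocol"] != "TCP":
            continue
        if rec["dst-port"] != str(port):
            continue
        try:
            src = ipaddress.ip_address(rec["src-ip"])
        except ValueError:
            continue
        if not src.is_loopback:
            hits.append(rec)
    return hits


def jdwp_listening_addresses(netstat_text, port=JDWP_PORT):
    """Return the local addresses on which the JDWP port is in LISTENING state."""
    addrs = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "TCP" or parts[3] != "LISTENING":
            continue
        host, _, lport = parts[1].rpartition(":")
        if lport == str(port):
            addrs.append(host.strip("[]"))  # strip IPv6 brackets, e.g. [::]
    return addrs


def jdwp_exposed(netstat_text, port=JDWP_PORT):
    """True if the JDWP port listens on any address other than loopback."""
    for host in jdwp_listening_addresses(netstat_text, port):
        try:
            if not ipaddress.ip_address(host).is_loopback:
                return True
        except ValueError:
            return True  # unparsable address: treat conservatively as exposed
    return False


if __name__ == "__main__":
    for rec in find_remote_jdwp_connections(SAMPLE_FIREWALL_LOG):
        print(f"remote JDWP connection: {rec['src-ip']} -> {rec['dst-ip']}:{rec['dst-port']} at {rec['date']} {rec['time']}")
    print("JDWP port listening on:", jdwp_listening_addresses(SAMPLE_NETSTAT))
    print("JDWP exposed beyond loopback:", jdwp_exposed(SAMPLE_NETSTAT))
```

The firewall check only sees connections the host logged (logging of allowed connections must be enabled in the Windows Firewall profile), so the netstat check is the more reliable way to confirm, before and after applying the vendor update, whether the debug port is still reachable from the network.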

Privilege Escalation Via MySQL Server (CVE-2023-49694):

A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.
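Because the vector described above is a JSP file appearing in a Tomcat web application directory, a simple file-integrity baseline of the JSP files under that directory gives a detection point. The following is an added example (not code from NETGEAR, Tenable or the CCB): it hashes every `.jsp`/`.jspx` file under a webapps directory, then reports files that were added, removed or modified relative to a saved baseline. The directory layout and file contents used in `demo()` are constructed in a temporary directory; the real Tomcat webapps path on an NMS300 install is not stated in the advisory and must be supplied by the administrator.

```python
import hashlib
import tempfile
from pathlib import Path

JSP_SUFFIXES = (".jsp", ".jspx")


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def jsp_baseline(webapps_dir):
    """Map relative POSIX path -> sha256 for every JSP file under webapps_dir."""
    root = Path(webapps_dir)
    baseline = {}
    for p in root.rglob("*"):
        if p.is_file() and p.suffix.lower() in JSP_SUFFIXES:
            baseline[p.relative_to(root).as_posix()] = sha256_file(p)
    return baseline


def diff_jsp(baseline, current):
    """Compare two baselines and return added, removed and modified paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(k for k in baseline.keys() & current.keys()
                      if baseline[k] != current[k])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: take a baseline, then a new JSP appears and an existing one changes."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "ROOT"  # constructed stand-in for a Tomcat webapp directory
        app.mkdir()
        (app / "index.jsp").write_text("<%-- legitimate page --%>")
        (app / "style.css").write_text("body {}")  # non-JSP file, ignored by the baseline
        before = jsp_baseline(tmp)

        (app / "unexpected.jsp").write_text("<%-- file not present in the baseline --%>")
        (app / "index.jsp").write_text("<%-- content changed after baseline --%>")
        after = jsp_baseline(tmp)
        return diff_jsp(before, after)


if __name__ == "__main__":
    result = demo()
    for kind in ("added", "removed", "modified"):
        for path in result[kind]:
            print(f"{kind}: {path}")
```

In practice the baseline is taken right after installing the vendor update, stored outside the web application tree, and compared on a schedule; any JSP that appears in the webapps directory without a corresponding deployment is worth investigating, since the advisory describes exactly that as the route to code execution as SYSTEM.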

Affected products

NETGEAR ProSAFE Network Management System is a software application for Network Management of a range of NETGEAR products. Version v1.7.0.26 is affected.

Recommended Actions

Update NETGEAR ProSAFE Network Management System to the latest version.

For the latest patches, see the following vendor advisories:
