Lucene search

[email protected]CVE-2023-49693

HistoryNov 29, 2023 - 11:15 p.m.

CVE-2023-49693

2023-11-2923:15:20

CWE-306

[email protected]

web.nvd.nist.gov

cve-2023-49693

netgear

prosafe

network management system

jdwp

java

port 11611

remote access

unauthenticated users

arbitrary code execution

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.8%

JSON

NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code.

Affected configurations

NVD

Node

netgearprosafe_network_management_systemRange<1.7.0.34

CPENameOperatorVersion
netgear:prosafe_network_management_systemnetgear prosafe network management systemlt1.7.0.34

CPE	Name	Operator	Version
netgear:prosafe_network_management_system	netgear prosafe network management system	lt	1.7.0.34

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NETGEAR ProSAFE Network Management System",
    "vendor": "NETGEAR",
    "versions": [
      {
        "lessThan": "1.7.0.34",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

kb.netgear.com/000065886/Security-Advisory-for-Sensitive-Information-Disclosure-on-the-NMS300-PSV-2023-0126

www.tenable.com/security/research/tra-2023-39

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.8%

JSON

Related for CVE-2023-49693

nvd1 cvelist1