Lucene search

TenableCVELIST:CVE-2023-49693

HistoryNov 29, 2023 - 10:41 p.m.

CVE-2023-49693 NETGEAR ProSAFE Network Management System RCE via Unprotected Access to Java Debug Wire Protocol

2023-11-2922:41:02

CWE-306

tenable

www.cve.org

netgear

prosafe

management system

rce

vulnerability

java debug wire protocol

port 11611

unauthenticated access

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.002

Percentile

52.0%

JSON

NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NETGEAR ProSAFE Network Management System",
    "vendor": "NETGEAR",
    "versions": [
      {
        "lessThan": "1.7.0.34",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

kb.netgear.com/000065886/Security-Advisory-for-Sensitive-Information-Disclosure-on-the-NMS300-PSV-2023-0126

www.tenable.com/security/research/tra-2023-39

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.002

Percentile

52.0%

JSON

Related for CVELIST:CVE-2023-49693