CVE-2024-5246

Опубликовано: 23 мая 2024

Источник: nvd

CVSS3: 8.8

EPSS Высокий

Описание

NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability.

The specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Apache Tomcat. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22868.

Ссылки

https://kb.netgear.com/000066164/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2024-0003-PSV-2024-0004
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-24-497/
Third Party Advisory
https://kb.netgear.com/000066164/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2024-0003-PSV-2024-0004
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-24-497/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:netgear:prosafe_network_management_software_300:1.7.0.37:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.74714

Высокий

8.8 High

CVSS3

8.8 High

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

BDU:2024-04674

CVSS3: 8.8

fstec

около 2 лет назад

Уязвимость компонента Tomcat микропрограммного обеспечения сетевых устройств Netgear ProSafe NMS300, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 99%

0.74714

Высокий

8.8 High

CVSS3

8.8 High

CVSS3

Дефекты

NVD-CWE-noinfo