{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-3457","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-04-08T10:11:47.982Z","datePublished":"2024-04-08T17:31:04.561Z","dateUpdated":"2024-08-12T13:10:23.525Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-04-08T17:31:04.561Z"},"title":"Netentsec NS-ASG Application Security Gateway config_ISCGroupNoCache.php sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"CWE-89 SQL Injection"}]}],"affected":[{"vendor":"Netentsec","product":"NS-ASG Application Security Gateway","versions":[{"version":"6.3","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/config_ISCGroupNoCache.php. The manipulation of the argument GroupId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259713 was assigned to this vulnerability."},{"lang":"de","value":"Es wurde eine Schwachstelle in Netentsec NS-ASG Application Security Gateway 6.3 entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /admin/config_ISCGroupNoCache.php. Durch die Manipulation des Arguments GroupId mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2024-04-08T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-04-08T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-04-08T12:17:00.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"52xiaohai (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.259713","name":"VDB-259713 | Netentsec NS-ASG Application Security Gateway config_ISCGroupNoCache.php sql injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.259713","name":"VDB-259713 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.312184","name":"Submit #312184 | Beijing Wangkang Technology Co., Ltd. NS-ASG application security gateway. 6.3 security gateway intelligent management platform","tags":["third-party-advisory"]},{"url":"https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-nconfig_ISCGroupNoCache.md","tags":["exploit"]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T20:12:07.690Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.259713","name":"VDB-259713 | Netentsec NS-ASG Application Security Gateway config_ISCGroupNoCache.php sql injection","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.259713","name":"VDB-259713 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required","x_transferred"]},{"url":"https://vuldb.com/?submit.312184","name":"Submit #312184 | Beijing Wangkang Technology Co., Ltd. NS-ASG application security gateway. 6.3 security gateway intelligent management platform","tags":["third-party-advisory","x_transferred"]},{"url":"https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-nconfig_ISCGroupNoCache.md","tags":["exploit","x_transferred"]}]},{"affected":[{"vendor":"netentsec","product":"ns-asg_application_security_gateway","cpes":["cpe:2.3:a:netentsec:ns-asg_application_security_gateway:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"6.3","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-08-12T13:09:21.917717Z","id":"CVE-2024-3457","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-12T13:10:23.525Z"}}]}}