CVE-2023-3792 - OpenCVE

A vulnerability was found in Beijing Netcon NS-ASG 6.3. It has been classified as problematic. This affects an unknown part of the file /admin/test_status.php. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:A/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Netentsec	Application Security Gateway

Configuration 1 [-]

cpe:2.3:a:netentsec:application_security_gateway:6.3:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/CYN521/cve/blob/main/NS-ASG.md
https://vuldb.com/?ctiid.235059
https://vuldb.com/?id.235059

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2023-07-20T19:00:04.971Z

Updated: 2024-08-02T07:08:50.059Z

Reserved: 2023-07-20T07:45:36.548Z

Link: CVE-2023-3792

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-07-20T19:15:10.923

Modified: 2024-05-17T02:27:48.240

Link: CVE-2023-3792

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3792", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-07-20T07:45:36.548Z", "datePublished": "2023-07-20T19:00:04.971Z", "dateUpdated": "2024-08-02T07:08:50.059Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-23T17:49:49.610Z"}, "title": "Beijing Netcon NS-ASG test_status.php direct request", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-425", "lang": "en", "description": "CWE-425 Direct Request"}]}], "affected": [{"vendor": "Beijing Netcon", "product": "NS-ASG", "versions": [{"version": "6.3", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Beijing Netcon NS-ASG 6.3. It has been classified as problematic. This affects an unknown part of the file /admin/test_status.php. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in Beijing Netcon NS-ASG 6.3 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /admin/test_status.php. Dank der Manipulation mit unbekannten Daten kann eine direct request-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N"}}], "timeline": [{"time": "2023-07-20T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-07-20T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-07-20T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-08-15T09:56:39.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "CYN521 (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.235059", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.235059", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/CYN521/cve/blob/main/NS-ASG.md", "tags": ["exploit"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:08:50.059Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.235059", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.235059", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/CYN521/cve/blob/main/NS-ASG.md", "tags": ["exploit", "x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netentsec:application_security_gateway:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "7A708923-EF5F-4F53-86F3-DF0366E6FB58", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Beijing Netcon NS-ASG 6.3. It has been classified as problematic. This affects an unknown part of the file /admin/test_status.php. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2023-3792", "lastModified": "2024-05-17T02:27:48.240", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-07-20T19:15:10.923", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/CYN521/cve/blob/main/NS-ASG.md"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?ctiid.235059"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.235059"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-425"}], "source": "cna@vuldb.com", "type": "Primary"}]}