CVE-2024-2649

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Mar 20, 2024

Updated: May 17, 2024

CWE ID 79

Summary

CVE-2024-2649 is a newly disclosed critical vulnerability affecting the Netentsec NS-ASG Application Security Gateway version 6.3. The issue lies in an unknown functionality of the file /protocol/iscdevicestatus/deleteonlineuser.php, which is susceptible to SQL injection. An attacker can manipulate the argument messagecontent to exploit this vulnerability remotely. The exploit has been made public, increasing the risk of potential attacks. The associated identifier for this vulnerability is VDB-257289. Unfortunately, the vendor was not responsive to early disclosures about this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uknnwc
https://www.cve.org/CVERecord?id=CVE-2024-2649
https://nvd.nist.gov/vuln/detail/CVE-2024-2649

Back to Vulnerability Database

CVE-2024-2649

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations