Plattform
netgear
Komponente
netgear-prosafe-network-management-system
Behoben in
1.7.1
CVE-2023-41182 is a Remote Code Execution (RCE) vulnerability affecting the NETGEAR ProSAFE Network Management System. This vulnerability allows an attacker to execute arbitrary code on a vulnerable system by bypassing authentication. It impacts version 1.7.0.12 (Win64) and a patch is available from NETGEAR.
Successful exploitation of CVE-2023-41182 allows an attacker to execute arbitrary code with the privileges of the affected user. This could lead to complete system compromise, including data theft, modification, or destruction. The ability to bypass authentication significantly lowers the barrier to entry for attackers, making this a high-risk vulnerability. Given the network management nature of the affected system, an attacker could potentially gain access to sensitive network configurations and credentials, facilitating lateral movement within the network and expanding the attack's blast radius. While the description doesn't explicitly mention precedent, directory traversal vulnerabilities often lead to similar outcomes as privilege escalation exploits.
CVE-2023-41182 was publicly disclosed on May 3, 2024. Its CVSS score of 7.2 (HIGH) indicates a significant risk. The vulnerability is present in a Windows-based network management system, which are often targets for attackers. As of the time of this writing, no public proof-of-concept exploits have been published, but the ease of bypassing authentication suggests a high probability of exploitation if left unpatched. Check CISA KEV listings for updates.
Organizations utilizing NETGEAR ProSAFE Network Management System version 1.7.0.12 (Win64) are at risk, particularly those with exposed management interfaces or weak network segmentation. Shared hosting environments where multiple users share the same management system are also at increased risk, as a compromise could affect multiple tenants.
• windows / supply-chain:
Get-Process -Name "ProSAFE Network Management System*" | Select-Object ProcessName, CommandLine• windows / supply-chain:
Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='Microsoft-Windows-Sysmon/Operational'] and (EventID=1)] and EventData[Data[@Name='Image']='C:\Program Files\NETGEAR\ProSAFE Network Management System\*ZipUtils.exe']"]"• generic web:
curl -I http://<target_ip>/ZipUtils.php?path=../../../../etc/passwddisclosure
Exploit-Status
EPSS
2.46% (85% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2023-41182 is to upgrade to a patched version of the NETGEAR ProSAFE Network Management System as soon as it becomes available from NETGEAR. If upgrading immediately is not feasible, consider implementing strict network segmentation to limit the potential impact of a successful exploit. While a direct WAF rule is unlikely to be effective against directory traversal, reviewing and hardening authentication mechanisms is recommended. Monitor system logs for unusual file access patterns or suspicious process executions, particularly those involving the ZipUtils component. After upgrading, confirm the fix by attempting to access files outside the intended directory via the management interface.
Actualizar a una versión del NETGEAR ProSAFE Network Management System que no sea vulnerable. Consultar el advisory de NETGEAR para obtener la versión corregida y las instrucciones de actualización.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2023-41182 is a Remote Code Execution vulnerability in NETGEAR ProSAFE Network Management System version 1.7.0.12 (Win64) that allows attackers to execute arbitrary code by bypassing authentication.
If you are running NETGEAR ProSAFE Network Management System version 1.7.0.12 (Win64), you are potentially affected by this vulnerability. Check the vendor advisory for confirmation.
The recommended fix is to upgrade to a patched version of the NETGEAR ProSAFE Network Management System as soon as it becomes available. Consult the NETGEAR security advisory for details.
While no widespread exploitation has been publicly confirmed, the ease of exploitation suggests it may become a target for attackers. Continuous monitoring is advised.
Refer to the official NETGEAR security advisory for CVE-2023-41182 on the NETGEAR support website.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.