Vulnerabilidade de Ignora de Autenticação no NETGEAR ProSAFE Network Management System MyHandlerInterceptor
Plataforma
netgear
Componente
netgear-prosafe-network-management-system
Corrigido em
1.7.1
CVE-2023-38096 is a critical authentication bypass vulnerability affecting NETGEAR ProSAFE Network Management System version 1.7.0.12. This flaw allows remote attackers to bypass authentication controls, potentially leading to unauthorized access and control of the system. Successful exploitation requires no credentials, significantly increasing the risk. A fix is available from NETGEAR.
Impacto e Cenários de Ataquetraduzindo…
The impact of CVE-2023-38096 is severe. An attacker can exploit this vulnerability to gain complete, unauthorized access to the NETGEAR ProSAFE Network Management System without needing valid credentials. This could allow them to modify network configurations, steal sensitive data stored on the system, or launch further attacks against other devices on the network. The lack of authentication requirement makes this vulnerability particularly dangerous, as it bypasses a fundamental security control. This is similar to other authentication bypass vulnerabilities where attackers can directly access backend systems.
Contexto de Exploraçãotraduzindo…
CVE-2023-38096 was disclosed on May 3, 2024. The vulnerability was reported to NETGEAR as ZDI-CAN-19718. The CVSS score of 9.8 (CRITICAL) indicates a high probability of exploitation. Public proof-of-concept (POC) code is currently unavailable, but the ease of exploitation (no credentials required) suggests that it is likely to emerge. It is not currently listed on the CISA KEV catalog.
Quem Está em Riscotraduzindo…
Organizations using NETGEAR ProSAFE Network Management System version 1.7.0.12 are at significant risk. This includes small to medium-sized businesses (SMBs) and enterprises that rely on NETGEAR ProSAFE devices for network management. Shared hosting environments utilizing this version are particularly vulnerable, as a compromise of one user could potentially affect others.
Passos de Detecçãotraduzindo…
• windows / supply-chain:
Get-Process -Name "ProSAFE Network Management System*" | Select-Object ProcessName, Id, CPU, WorkingSet• windows / supply-chain:
Get-WinEvent -LogName Security -Filter "EventID = 4625" -MaxEvents 10 | Select-Object TimeCreated, Message• generic web:
curl -I http://<target_ip>/index.php• generic web:
grep -i "authentication bypass" /var/log/apache2/access.logLinha do Tempo do Ataque
- Disclosure
disclosure
Inteligência de Ameaças
Status do Exploit
EPSS
74.93% (percentil 99%)
CISA SSVC
Vetor CVSS
O que significam essas métricas?
- Attack Vector
- Rede — explorável remotamente pela internet. Sem acesso físico ou local necessário.
- Attack Complexity
- Baixa — sem condições especiais. O atacante pode explorar de forma confiável.
- Privileges Required
- Nenhum — sem autenticação necessária para explorar.
- User Interaction
- Nenhuma — ataque automático e silencioso. A vítima não faz nada.
- Scope
- Inalterado — impacto limitado ao componente vulnerável.
- Confidentiality
- Alto — perda total de confidencialidade. O atacante pode ler todos os dados.
- Integrity
- Alto — o atacante pode escrever, modificar ou excluir qualquer dado.
- Availability
- Alto — falha completa ou esgotamento de recursos. Negação de serviço total.
Software Afetado
Classificação de Fraqueza (CWE)
Linha do tempo
- Reservado
- Publicada
- Modificada
- EPSS atualizado
Mitigação e Soluções Alternativastraduzindo…
The primary mitigation for CVE-2023-38096 is to upgrade to a patched version of the NETGEAR ProSAFE Network Management System as soon as it becomes available from NETGEAR. Until the upgrade is possible, consider implementing temporary workarounds such as restricting network access to the management interface using firewalls or access control lists (ACLs). Monitor network traffic for suspicious activity targeting the management interface. While a WAF might offer some protection, it is not a substitute for patching the underlying vulnerability. After upgrading, confirm the fix by attempting to access the management interface without providing valid credentials; access should be denied.
Como corrigir
Atualizar para uma versão do NETGEAR ProSAFE Network Management System que corrija a vulnerabilidade de ignora de autenticação. Consultar o advisory de segurança da NETGEAR (PSV-2023-0024-PSV-2023-0025) para obter a versão corrigida e as instruções de atualização.
Boletim de Segurança CVE
Análise de vulnerabilidades e alertas críticos diretamente no seu e-mail.
Perguntas frequentestraduzindo…
What is CVE-2023-38096 — Authentication Bypass in NETGEAR ProSAFE?
CVE-2023-38096 is a critical vulnerability in NETGEAR ProSAFE Network Management System allowing attackers to bypass authentication without credentials, potentially gaining unauthorized access.
Am I affected by CVE-2023-38096 in NETGEAR ProSAFE?
If you are using NETGEAR ProSAFE Network Management System version 1.7.0.12, you are affected by this vulnerability and should prioritize patching.
How do I fix CVE-2023-38096 in NETGEAR ProSAFE?
Upgrade to a patched version of NETGEAR ProSAFE Network Management System as soon as it becomes available from NETGEAR. Until then, implement temporary workarounds like restricting network access.
Is CVE-2023-38096 being actively exploited?
While no active exploitation has been publicly confirmed, the ease of exploitation suggests a high likelihood of exploitation in the near future.
Where can I find the official NETGEAR advisory for CVE-2023-38096?
Please refer to the official NETGEAR security advisory for CVE-2023-38096 on the NETGEAR support website.
Seu projeto está afetado?
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.