CVE-2023-5785 in NS-ASG Application Security Gateway

Summary

by MITRE • 10/26/2023

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/firewall/addaddress_interpret.php. The manipulation of the argument messagecontent leads to SQL injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243591. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.


Analysis

by VulDB Data Team • 06/05/2024

CVE-2023-5785 is a critical SQL injection flaw in Netentsec NS-ASG Application Security Gateway version 6.3, located in the file /protocol/firewall/addaddress_interpret.php. It falls under CWE-89 (improper neutralization of special elements used in an SQL command), making it a severe database security risk. The flaw is triggered when the messagecontent argument is manipulated, allowing attackers to inject malicious SQL code directly into the application's database layer. The affected component processes firewall address additions through this PHP script, creating a pathway for unauthorized database access and potential data compromise.

The operational impact of this vulnerability extends far beyond simple data theft: SQL injection attacks can enable complete database compromise, including unauthorized data manipulation, privilege escalation, and potential lateral movement within network infrastructure. Attackers exploiting this vulnerability could gain access to sensitive firewall configuration data and user credentials stored in the database, and could potentially execute arbitrary commands on the underlying system. Because the exploit has been publicly disclosed (VDB-243591), threat actors have immediate access to the attack vector without requiring additional reconnaissance. This public availability significantly increases the risk profile, and the vendor's lack of response to early disclosure attempts suggests potential delays in patch development or deployment.

Security professionals should recognize this vulnerability as an instance of ATT&CK technique T1190 (Exploit Public-Facing Application), where adversaries target web applications to gain initial access to systems. The attack surface is particularly concerning because the affected product is an application security gateway, which typically serves as a critical network defense component. Organizations using Netentsec NS-ASG 6.3 should immediately implement network segmentation to limit access to the vulnerable application, disable unnecessary firewall management functions, and deploy web application firewalls to detect SQL injection attempts. The lack of vendor response creates an urgent need for temporary mitigations, including input validation, parameterized queries, and network-level protections. Additionally, organizations should conduct comprehensive vulnerability assessments to identify similar flaws in other network security appliances and ensure that incident response procedures are in place to handle potential exploitation attempts.
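The detection step described above can also be run over the gateway's web access logs. The following Python is an added example, not code from VulDB or the vendor; it assumes common/combined access-log format and that messagecontent may appear in the query string, and the log lines are constructed samples.

```python
import re
from urllib.parse import parse_qs, unquote

VULN_PATH = "/protocol/firewall/addaddress_interpret.php"  # from the advisory
VULN_PARAM = "messagecontent"                               # from the advisory

# Assumption: common/combined access-log format.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Heuristic only: quoting, statement/comment tokens, a few SQL keywords.
SQLI_RE = re.compile(r"['\"`;]|--|/\*|\b(?:union|select|sleep|benchmark)\b", re.I)

def classify(line):
    """Return a finding dict for requests to the vulnerable script, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    path, _, query = m["target"].partition("?")
    # Decode and collapse duplicate slashes so trivial path variants still match.
    if re.sub(r"/+", "/", unquote(path)) != VULN_PATH:
        return None
    values = parse_qs(query, keep_blank_values=True).get(VULN_PARAM, [])
    # parse_qs decodes once; decode again to catch double-encoded values.
    hit = any(SQLI_RE.search(unquote(v)) for v in values)
    return {"ip": m["ip"], "method": m["method"], "status": int(m["status"]),
            "verdict": "sqli-pattern" if hit else "endpoint-access"}

def hunt(lines):
    """Classify every line and keep only requests that touched the script."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Nov/2023:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Nov/2023:10:00:05 +0000] "GET /protocol/firewall/addaddress_interpret.php?messagecontent=lan-hosts HTTP/1.1" 200 231',
    '203.0.113.7 - - [01/Nov/2023:10:02:11 +0000] "GET /protocol/firewall/addaddress_interpret.php?messagecontent=x%27%20UNION%20SELECT%201--%20 HTTP/1.1" 200 1894',
    '203.0.113.7 - - [01/Nov/2023:10:02:15 +0000] "GET /protocol//firewall/addaddress_interpret.php?messagecontent=1%2527 HTTP/1.1" 500 0',
    '198.51.100.4 - - [01/Nov/2023:10:03:40 +0000] "POST /protocol/firewall/addaddress_interpret.php HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_LOG):
        print(finding)
```

POST bodies do not appear in access logs, so a POST to the script is reported as "endpoint-access" and needs review from another source such as WAF or proxy body logging.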

Responsible: VulDB
Reservation: 10/26/2023
Disclosure: 10/26/2023
Moderation: accepted
CPE: ready
Exploit: Download
EPSS: 0.00551
KEV: no
Activities: low
