CVE-2023-50231 (GCVE-0-2023-50231)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:14 – Updated: 2024-09-18 18:30
VLAI?
Title
NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation Vulnerability
Summary
NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Minimal user interaction is required to exploit this vulnerability.
The specific flaw exists within the saveNodeLabel method. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-21838.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NETGEAR | ProSAFE Network Management System |
Affected:
1.7.0.26 x64
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netgear:prosafe_network_management_system:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "prosafe_network_management_system",
"vendor": "netgear",
"versions": [
{
"lessThan": "1.7.0.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50231",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T18:36:32.179057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:40.847Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.793Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1847",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1847/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://kb.netgear.com/000065901/Security-Advisory-for-Stored-Cross-Site-Scripting-on-the-NMS300-PSV-2023-0106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ProSAFE Network Management System",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "1.7.0.26 x64"
}
]
}
],
"dateAssigned": "2023-12-05T13:37:59.737-06:00",
"datePublic": "2023-12-20T15:59:06.785-06:00",
"descriptions": [
{
"lang": "en",
"value": "NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Minimal user interaction is required to exploit this vulnerability. \n\nThe specific flaw exists within the saveNodeLabel method. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-21838."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:30:38.375Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1847",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1847/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://kb.netgear.com/000065901/Security-Advisory-for-Stored-Cross-Site-Scripting-on-the-NMS300-PSV-2023-0106"
}
],
"source": {
"lang": "en",
"value": "Alex Williams of Trend Micro Security Research"
},
"title": "NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50231",
"datePublished": "2024-05-03T02:14:48.162Z",
"dateReserved": "2023-12-05T16:15:17.545Z",
"dateUpdated": "2024-09-18T18:30:38.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Minimal user interaction is required to exploit this vulnerability. \\n\\nThe specific flaw exists within the saveNodeLabel method. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-21838.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de escalada de privilegios de secuencias de comandos entre sitios en NETGEAR ProSAFE Network Management System saveNodeLabel. Esta vulnerabilidad permite a atacantes remotos escalar privilegios en las instalaciones afectadas de NETGEAR ProSAFE Network Management System. Se requiere una interacci\\u00f3n m\\u00ednima del usuario para aprovechar esta vulnerabilidad. La falla espec\\u00edfica existe dentro del m\\u00e9todo saveNodeLabel. El problema se debe a la falta de validaci\\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede llevar a la inyecci\\u00f3n de un script arbitrario. Un atacante puede aprovechar esta vulnerabilidad para escalar privilegios a recursos normalmente protegidos del usuario. Era ZDI-CAN-21838.\"}]",
"id": "CVE-2023-50231",
"lastModified": "2024-11-21T08:36:42.883",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"zdi-disclosures@trendmicro.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.0, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 5.9}]}",
"published": "2024-05-03T03:16:12.013",
"references": "[{\"url\": \"https://kb.netgear.com/000065901/Security-Advisory-for-Stored-Cross-Site-Scripting-on-the-NMS300-PSV-2023-0106\", \"source\": \"zdi-disclosures@trendmicro.com\"}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-23-1847/\", \"source\": \"zdi-disclosures@trendmicro.com\"}, {\"url\": \"https://kb.netgear.com/000065901/Security-Advisory-for-Stored-Cross-Site-Scripting-on-the-NMS300-PSV-2023-0106\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-23-1847/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"zdi-disclosures@trendmicro.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-50231\",\"sourceIdentifier\":\"zdi-disclosures@trendmicro.com\",\"published\":\"2024-05-03T03:16:12.013\",\"lastModified\":\"2025-02-07T01:59:11.987\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Minimal user interaction is required to exploit this vulnerability. \\n\\nThe specific flaw exists within the saveNodeLabel method. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-21838.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de escalada de privilegios de secuencias de comandos entre sitios en NETGEAR ProSAFE Network Management System saveNodeLabel. Esta vulnerabilidad permite a atacantes remotos escalar privilegios en las instalaciones afectadas de NETGEAR ProSAFE Network Management System. Se requiere una interacci\u00f3n m\u00ednima del usuario para aprovechar esta vulnerabilidad. La falla espec\u00edfica existe dentro del m\u00e9todo saveNodeLabel. El problema se debe a la falta de validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede llevar a la inyecci\u00f3n de un script arbitrario. Un atacante puede aprovechar esta vulnerabilidad para escalar privilegios a recursos normalmente protegidos del usuario. Era ZDI-CAN-21838.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":9.6,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":6.0}],\"cvssMetricV30\":[{\"source\":\"zdi-disclosures@trendmicro.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.1,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"zdi-disclosures@trendmicro.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netgear:prosafe_network_management_system:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.7.0.31\",\"matchCriteriaId\":\"9A616F4D-0720-4399-8630-F0A017A50439\"}]}]}],\"references\":[{\"url\":\"https://kb.netgear.com/000065901/Security-Advisory-for-Stored-Cross-Site-Scripting-on-the-NMS300-PSV-2023-0106\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-23-1847/\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://kb.netgear.com/000065901/Security-Advisory-for-Stored-Cross-Site-Scripting-on-the-NMS300-PSV-2023-0106\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-23-1847/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-23-1847/\", \"name\": \"ZDI-23-1847\", \"tags\": [\"x_research-advisory\", \"x_transferred\"]}, {\"url\": \"https://kb.netgear.com/000065901/Security-Advisory-for-Stored-Cross-Site-Scripting-on-the-NMS300-PSV-2023-0106\", \"name\": \"vendor-provided URL\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T22:09:49.793Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-50231\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-03T18:36:32.179057Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:netgear:prosafe_network_management_system:*:*:*:*:*:*:*:*\"], \"vendor\": \"netgear\", \"product\": \"prosafe_network_management_system\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.7.0.31\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-03T18:38:33.931Z\"}}], \"cna\": {\"title\": \"NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation Vulnerability\", \"source\": {\"lang\": \"en\", \"value\": \"Alex Williams of Trend Micro Security Research\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\"}}], \"affected\": [{\"vendor\": \"NETGEAR\", \"product\": \"ProSAFE Network Management System\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.7.0.26 x64\"}], \"defaultStatus\": \"unknown\"}], \"datePublic\": \"2023-12-20T15:59:06.785-06:00\", \"references\": [{\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-23-1847/\", \"name\": \"ZDI-23-1847\", \"tags\": [\"x_research-advisory\"]}, {\"url\": \"https://kb.netgear.com/000065901/Security-Advisory-for-Stored-Cross-Site-Scripting-on-the-NMS300-PSV-2023-0106\", \"name\": \"vendor-provided URL\", \"tags\": [\"vendor-advisory\"]}], \"dateAssigned\": \"2023-12-05T13:37:59.737-06:00\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Minimal user interaction is required to exploit this vulnerability. \\n\\nThe specific flaw exists within the saveNodeLabel method. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-21838.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"99f1926a-a320-47d8-bbb5-42feb611262e\", \"shortName\": \"zdi\", \"dateUpdated\": \"2024-09-18T18:30:38.375Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-50231\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-18T18:30:38.375Z\", \"dateReserved\": \"2023-12-05T16:15:17.545Z\", \"assignerOrgId\": \"99f1926a-a320-47d8-bbb5-42feb611262e\", \"datePublished\": \"2024-05-03T02:14:48.162Z\", \"assignerShortName\": \"zdi\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…