Vulnerabilities > CVE-2024-2646 - Unspecified vulnerability in Netentsec Application Security Gateway 6.3

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

netentsec

critical

NVD

Published: 2024-03-19

Updated: 2025-01-30

Summary

A vulnerability classified as critical was found in Netentsec NS-ASG Application Security Gateway 6.3. This vulnerability affects unknown code of the file /vpnweb/index.php?para=index. The manipulation of the argument check_VirtualSiteId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257284. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerable Configurations

Part	Description	Count
Application	Netentsec Netentsec Application Security Gateway 6.3	1

References

https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-index.md
https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-index.md
https://vuldb.com/?ctiid.257284
https://vuldb.com/?ctiid.257284
https://vuldb.com/?id.257284
https://vuldb.com/?id.257284