NETGEAR ProSAFE NetMan Sys: Tomcat RCE via Installer
CVE-2024-5246 Published on May 23, 2024

NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability
NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Apache Tomcat. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22868.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2024-5246 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

CWE-1395

Products Associated with CVE-2024-5246

stack.watch emails you whenever new vulnerabilities are published in Netgear Prosafe Network Management Software 300 or Apache Tomcat. Just hit a watch button to start following.

Netgear Prosafe Network Management Software 300
 
Apache Tomcat
 

Affected Versions

NETGEAR ProSAFE Network Management System: netgear prosafe_network_management_system:

Exploit Probability

EPSS
74.71%
Percentile
98.83%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.