External risk intelligence

SQL Injection in Netentsec NS-ASG v6.3

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2023-30242

The vulnerability exists in an Application Security Gateway (ASG), which is typically deployed as an edge security device, network gateway, or appliance designed to manage and filter internet traffic, making its administrative and functional interfaces commonly exposed to network or internet segments.

SQL Injection

Netentsec Application Security Gateway

6.3

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

This advisory concerns a critical vulnerability discovered in Netentsec's Application Security Gateway software, specifically version 6.3. The flaw, a SQL injection vulnerability, could allow unauthenticated attackers to gain unauthorized access and potentially control the affected systems, which are often deployed at network perimeters. The primary concern at this stage is to determine if this technology is in use within the organization and assess any potential exposure.

  • SQL injection flaw in security gateway.
  • Critical flaw impacts network perimeter.
  • Confirm relevance and assess exposure.

Attack Path

How an attacker could exploit the issue

An attacker could exploit this vulnerability by sending a specially crafted request to the affected component, potentially leading to unauthorized access and modification of the system. This could allow an attacker to perform actions such as stealing sensitive data or disrupting services.

  • No authentication required.
  • Vulnerable web interface component.
  • Leads to data compromise and disruption.

Live Threat

Current exploitation, exposure, and threat context

This SQL injection vulnerability in the administrative interface of the Application Security Gateway could allow an unauthenticated attacker to execute arbitrary SQL commands. When supported by the advisory, this could lead to the disclosure or modification of system data managed by the gateway.

  • System data could be affected.
  • Unauthenticated network access enables injection.
  • Unauthorized data access or modification.

Operational Fix

Recommended remediation, mitigation, and detection steps

The identified SQL injection vulnerability in NS-ASG v6.3, particularly within the `/admin/add_ikev2.php` component, likely impacts infrastructure or network security teams responsible for managing and securing the application gateway. The immediate priority is to locate all instances of this technology, assess their exposure and business criticality, and identify the accountable owner before planning remediation.

  • Infrastructure/Security teams own the issue.
  • Verify device exposure and criticality first.
  • Plan remediation based on risk assessment.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is Netentsec Application Security Gateway?

Netentsec Application Security Gateway (NS-ASG) is a network appliance designed to manage, monitor, and filter traffic at the perimeter of a network. Organizations use this gateway as a security layer to control data flow, enforce policy, and protect internal resources from external threats. Version 6.3 is the specific release identified with a security vulnerability.

What does SQL injection mean in CVE-2023-30242?

This vulnerability is classified as CWE-89, which means the software fails to properly sanitize input before using it in a database query. In this case, an attacker can input malicious SQL commands into the system. The gateway interprets these commands as legitimate instructions, potentially allowing unauthorized access to, or modification of, the database that stores the system's configuration and security data.

How is this vulnerability triggered?

The vulnerability is triggered when an attacker sends a specially crafted request to the /admin/add_ikev2.php component of the gateway. Because the flaw exists in the web interface, it does not require the attacker to have valid login credentials or prior authorization. It is important to note that internal actions or routine traffic that does not target this specific administration component will not trigger the bug.

Is my organization at risk for this vulnerability?

According to Halo Surface Signal, this software is typically deployed as an edge security device to filter internet traffic, making it a high-priority concern. Devices that are internet-facing are most susceptible to remote, unauthenticated access. You should evaluate whether your NS-ASG instances are positioned at the network perimeter or if they are accessible from untrusted network segments.

What steps should I take if I use this software?

First, locate all instances of NS-ASG v6.3 within your infrastructure and confirm who is responsible for managing them. Assess the business criticality of these devices and their current network placement. Once you have identified the impacted systems, engage your security or infrastructure team to verify the exposure and prioritize remediation steps to prevent unauthorized access.

References