CVERadar

CVE-2024-5245

Medium Severity

SVRS

30/100

CVSSv3

NA/10

EPSS

0.00015/1

CVE-2024-5245: NETGEAR ProSAFE vulnerability allows local attackers to escalate privileges via default MySQL credentials. This Local Privilege Escalation vulnerability impacts NETGEAR ProSAFE Network Management System installations. An attacker needs initial low-privilege access to exploit this critical flaw. The vulnerability stems from the installer's use of default MySQL credentials, enabling attackers to gain SYSTEM-level privileges and execute arbitrary code. While the CVSS score is 0, the SOCRadar Vulnerability Risk Score (SVRS) is 30, indicating a moderate level of risk. This means, while not immediately critical, organizations should still assess and patch this security vulnerability to prevent potential exploitation.

TAGS

In The Wild

VECTOR STRING

PUBLICATION DATE2024-05-23

LAST MODIFIED2024-05-24

SOCRadar

AI Insight

Description

CVE-2024-5245 is a local privilege escalation vulnerability in NETGEAR ProSAFE Network Management System. It allows attackers to escalate privileges on affected systems by exploiting default MySQL credentials. The vulnerability has a CVSS score of 7.8, indicating a high severity level. However, the SOCRadar Vulnerability Risk Score (SVRS) is 30, indicating a moderate risk. This discrepancy is due to the SVRS's integration of additional vulnerability intelligence elements, such as social media and dark web data, which provide a more comprehensive assessment of the threat.

Key Insights

Active Exploitation: The vulnerability is actively exploited in the wild, making it a critical threat to organizations using NETGEAR ProSAFE Network Management System.
Privilege Escalation: The vulnerability allows attackers to escalate privileges to the SYSTEM level, giving them complete control over the affected system.
Default Credentials: The vulnerability is caused by the use of default MySQL credentials, which are easily accessible to attackers.
Low Attack Complexity: Exploiting the vulnerability requires only low-privileged code execution on the target system, making it accessible to a wide range of attackers.

Mitigation Strategies

Update Software: Install the latest software updates from NETGEAR to patch the vulnerability.
Change Default Credentials: Change the default MySQL credentials to strong, unique passwords.
Enable Two-Factor Authentication: Implement two-factor authentication for all administrative accounts to prevent unauthorized access.
Monitor Network Traffic: Monitor network traffic for suspicious activity and investigate any anomalies promptly.

Additional Information

If you have any further questions regarding this incident, you can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

CVE-2024-5245 | Netgear ProSAFE Network Management System default credentials

vuldb.com2024-05-23

CVE-2024-5245 | Netgear ProSAFE Network Management System default credentials | A vulnerability classified as critical was found in Netgear ProSAFE Network Management System. Affected by this vulnerability is an unknown functionality. The manipulation leads to use of default credentials. This vulnerability is known as CVE-2024-5245. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

cve-2024-5245

domains

urls

cves

ZDI-24-496: NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability

2024-05-22

ZDI-24-496: NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability | This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-5245.

cve-2024-5245

cves

privilege escalation

first

Social Media

Vulmon Vulnerability Feed

@VulmonFeeds

2024-05-23

CVE-2024-5245 This CVE ID (CVE-2024-5245) does not exist in our database. Please verify the ID and try again. CVE IDs are unique identifiers for publicly known cybersecurity vulnerabilities, and incorrect IDs may ... https://t.co/Ytve9i4XpA

Affected Software

No affected software found for this CVE

References

Reference	Link
ZDI-DISCLOSURES@TRENDMICRO.COM	https://kb.netgear.com/000066164/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2024-0003-PSV-2024-0004
ZDI-DISCLOSURES@TRENDMICRO.COM	https://www.zerodayinitiative.com/advisories/ZDI-24-496/

CWE Details

No CWE details found for this CVE

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence