CVE-2023-30242

9.8 CRITICAL

📋 TL;DR

CVE-2023-30242 is a critical SQL injection vulnerability in NS-ASG v6.3's /admin/add_ikev2.php component that allows attackers to execute arbitrary SQL commands. This affects organizations using NS-ASG v6.3 for network security and VPN management. Successful exploitation could lead to complete system compromise.

💻 Affected Systems

Products:
  • NS-ASG
Versions: v6.3
Operating Systems: All platforms running NS-ASG
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of NS-ASG v6.3 with the /admin/add_ikev2.php component enabled are vulnerable. No special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full administrative access to the database, credential theft, remote code execution, and complete system takeover leading to data exfiltration or ransomware deployment.

🟠 Likely Case

Database compromise, extraction of sensitive configuration data, administrative credential theft, and potential lateral movement within the network.

🟢 If Mitigated

Limited to database information disclosure if proper input validation and WAF rules are in place.

🌐 Internet-Facing: HIGH - The vulnerable component is accessible via web interface, making internet-facing instances immediately vulnerable to automated attacks.
🏢 Internal Only: HIGH - Even internally accessible instances are vulnerable to insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authentication to the admin interface. SQL injection payloads are well-documented and easy to weaponize.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v6.4 or later

Vendor Advisory: http://ns-asg.com

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Download NS-ASG v6.4 or later from the vendor.
3. Apply the patch following vendor instructions.
4. Restart NS-ASG services.
5. Verify the fix by testing /admin/add_ikev2.php with SQL injection payloads.

🔧 Temporary Workarounds

WAF Rule Implementation

Platform: all

Deploy web application firewall rules to block SQL injection patterns targeting /admin/add_ikev2.php

# Example ModSecurity rule:
SecRule ARGS "@detectSQLi" "id:1001,phase:2,deny,status:403,msg:'SQL Injection Attempt'"
# Add this to the WAF configuration to block patterns such as UNION SELECT, OR 1=1, --, ; etc.

Access Restriction

Platform: linux

Restrict access to /admin/add_ikev2.php to specific trusted IP addresses only

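# Apache (Order/Deny/Allow is the 2.2 syntax; on 2.4 it needs mod_access_compat):
<Location /admin/add_ikev2.php>
    Order deny,allow
    Deny from all
    Allow from 192.168.1.0/24
</Location>

# Nginx (a regex location such as one matching \.php$ takes precedence over this
# prefix location, so confirm the restriction is actually applied):
location /admin/add_ikev2.php {
    allow 192.168.1.0/24;
    deny all;
}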

🧯 If You Can't Patch

  • Disable the /admin/add_ikev2.php component entirely if not required for operations
  • Implement strict network segmentation to isolate NS-ASG from critical systems and databases

🔍 How to Verify

Check if Vulnerable:

Test /admin/add_ikev2.php endpoint with SQL injection payloads like ' OR '1'='1 in parameters. Monitor for database errors or unexpected responses.

Check Version:

Check NS-ASG web interface admin panel or run: cat /usr/local/ns-asg/version.txt

Verify Fix Applied:

After patching, attempt SQL injection tests again. Verify no database errors appear and input is properly sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts followed by SQL injection patterns
  • Access to /admin/add_ikev2.php with suspicious parameters

Network Indicators:

  • HTTP requests to /admin/add_ikev2.php containing SQL keywords (UNION, SELECT, INSERT, DELETE)
  • Unusual database connection patterns from NS-ASG server

SIEM Query:

source="ns-asg-logs" AND (url="/admin/add_ikev2.php" AND (param="*UNION*" OR param="*SELECT*" OR param="*--*" OR param="*;*"))
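
The log and network indicators above, turned into a small offline check (an added example, not vendor or NS-ASG code): it scans web access-log lines for requests to /admin/add_ikev2.php whose decoded query parameters contain the listed SQL keywords or metacharacters. The common log format, the sample lines and the parameter name `name` are assumptions; parameters sent in a POST body do not appear in access logs and need WAF or application logging instead.

```python
import re
from urllib.parse import parse_qsl, urlsplit

TARGET_PATH = "/admin/add_ikev2.php"
# Keywords from the page's network indicators, plus the --, ; and ' characters
# from its SIEM query and test string. \b avoids matching words like "selection".
SQL_PATTERN = re.compile(r"\b(?:UNION|SELECT|INSERT|DELETE)\b|--|;|'", re.IGNORECASE)
# Assumption: Apache/Nginx common log format (not confirmed for NS-ASG).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

def suspicious_requests(lines):
    """Return (client ip, status, parameter, decoded value) for flagged requests."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        parts = urlsplit(m.group("uri"))
        if parts.path != TARGET_PATH:
            continue  # only the component named in the advisory
        # parse_qsl percent-decodes values, so %27 and %20 cannot hide a match
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if SQL_PATTERN.search(value):
                hits.append((m.group("ip"), int(m.group("status")), name, value))
    return hits

# Constructed sample lines; the parameter name "name" is hypothetical.
SAMPLE_LOG = [
    '10.0.0.5 - admin [12/May/2023:10:01:02 +0000] '
    '"GET /admin/add_ikev2.php?name=branch-vpn HTTP/1.1" 200 512',
    '10.0.0.9 - admin [12/May/2023:10:03:44 +0000] '
    '"GET /admin/add_ikev2.php?name=x%27%20UNION%20SELECT%201-- HTTP/1.1" 500 87',
    '10.0.0.9 - admin [12/May/2023:10:04:10 +0000] '
    '"GET /admin/list.php?name=1%20UNION%20SELECT%201 HTTP/1.1" 200 90',
    '10.0.0.7 - admin [12/May/2023:10:05:00 +0000] '
    '"GET /admin/add_ikev2.php?name=selection-office HTTP/1.1" 200 512',
    '10.0.0.12 - admin [12/May/2023:10:06:30 +0000] '
    '"GET /admin/add_ikev2.php?name=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, status, name, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} status={status} {name}={value!r}")
```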
