CVE-2024-10135

6.3 MEDIUM

📋 TL;DR

This critical SQL injection vulnerability in ESAFENET CDG 5 allows remote attackers to execute arbitrary SQL commands by manipulating the 'id' parameter in the actionDelNetSecConfig function. Attackers can potentially access, modify, or delete database content. All users of ESAFENET CDG 5 are affected.

💻 Affected Systems

Products:
  • ESAFENET CDG 5
Versions: All versions (specific version range not specified in disclosure)
Operating Systems: Any OS running ESAFENET CDG 5
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration of the NetSecConfigService component.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, data destruction, or full system takeover via SQL injection to execute system commands.

🟠 Likely Case

Unauthorized data access, privilege escalation, or database manipulation leading to operational disruption.

🟢 If Mitigated

Limited impact with proper input validation, parameterized queries, and network segmentation in place.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and a public exploit exists.
🏢 Internal Only: HIGH - Even internal systems are vulnerable to authenticated or network-accessible attacks.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

The exploit has been publicly disclosed, and SQL injection vulnerabilities are commonly weaponized. The authentication status is not specified, but exploitation likely requires some access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Vendor did not respond to disclosure. Consider workarounds or alternative solutions.

🔧 Temporary Workarounds

Web Application Firewall (WAF)

all

Deploy a WAF with SQL injection rules to block malicious requests

Network Segmentation

all

Restrict access to ESAFENET CDG 5 to only trusted networks

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries in the application code
  • Deploy database monitoring and alerting for suspicious SQL queries

🔍 How to Verify

Check if Vulnerable:

Test the /com/esafenet/servlet/netSec/NetSecConfigService endpoint with SQL injection payloads in the 'id' parameter

Check Version:

Check ESAFENET CDG 5 version through administrative interface or configuration files

Verify Fix Applied:

Verify that SQL injection attempts no longer succeed and proper input validation is implemented

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts or parameter manipulation in application logs

Network Indicators:

  • SQL keywords in HTTP POST parameters to NetSecConfigService endpoint
  • Unusual database connection patterns

SIEM Query:

source="application_logs" AND ("actionDelNetSecConfig" OR "NetSecConfigService") AND ("id=" OR sql_injection_keywords)
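
The indicator above ("SQL keywords in HTTP POST parameters to NetSecConfigService endpoint") can be turned into a concrete log check. The following is an added example, not vendor or advisory code: the log line format, the sample lines, the marker list, and the assumption that legitimate 'id' values are short alphanumeric tokens are all constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus

ENDPOINT = "/com/esafenet/servlet/netSec/NetSecConfigService"  # path named on this page
# Assumption: legitimate 'id' values are short alphanumeric tokens; adjust to your data.
BENIGN_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Heuristic markers standing in for the "sql_injection_keywords" placeholder.
SQL_MARKERS = re.compile(
    r"['\";]|--|/\*|\b(union|select|insert|update|delete|drop|exec|waitfor|sleep|or|and)\b",
    re.IGNORECASE)

def decode(value, rounds=2):
    """URL-decode repeatedly so double-encoded input is inspected in clear form."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect(line):
    """Return a finding for a suspicious request line, or None.

    Constructed log format: '<client> <method> <path> <form-encoded params>'.
    """
    parts = line.split(" ", 3)
    if len(parts) != 4 or ENDPOINT not in parts[2]:
        return None
    client, _method, _path, params = parts
    for raw in parse_qs(params, keep_blank_values=True).get("id", []):
        value = decode(raw)
        if BENIGN_ID.fullmatch(value):
            continue  # matches the expected shape, nothing to report
        reason = "sql-marker" if SQL_MARKERS.search(value) else "unexpected-format"
        return {"client": client, "id": value, "reason": reason}
    return None

def scan(lines):
    """Inspect every line and keep only the findings."""
    return [finding for finding in map(inspect, lines) if finding]

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    "192.0.2.10 POST " + ENDPOINT + " id=42",
    "192.0.2.77 POST " + ENDPOINT + " id=1%27+OR+%271%27%3D%271",
    "192.0.2.77 POST " + ENDPOINT + " id=7%2527",
    "192.0.2.10 POST /some/other/servlet id=1%27",
    "192.0.2.31 POST " + ENDPOINT + " id=abc%20def",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Allow-listing the expected shape of 'id' first and using the keyword list only to label the finding keeps the check useful when an encoding trick hides the keywords.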
