CVE # Advisory name Product(s) Severity Last Updated
CVE-2023-41905 Reflected Cross-Site Scripting (XSS) nGeniusONE Medium

Reflected Cross-Site Scripting (XSS)

CVE-2023-41905

Related Product(s): nGeniusONE

First Published: 

Summary

NETSCOUT Systems in nGeniusONE version 6.3.4 build 2298 allows a Reflected Cross-Site Scripting vulnerability.

NetScout Systems would like to acknowledge Roberto Suggi Liverani and Filip Waeytens from the NATO Cyber Security Centre (NCSC) for reporting the vulnerability to techsupport@netscout.com.

Fixed Software

Customers should install patch 6.3.4 P17 B2382 or later to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.

techsupport@netscout.com

CVE-2023-41172 Stored Cross-Site Scripting (XSS) nGeniusONE Medium

Stored Cross-Site Scripting (XSS)

CVE-2023-41172

Related Product(s): nGeniusONE

First Published: 

Summary

NETSCOUT Systems in nGeniusONE version 6.3.4 build 2298 allows a Stored Cross-Site Scripting vulnerability.

NetScout Systems would like to acknowledge Roberto Suggi Liverani and Filip Waeytens from the NATO Cyber Security Centre (NCSC) for reporting the vulnerability to techsupport@netscout.com.

Fixed Software

Customers should install patch 6.3.4 P17 B2382 or later to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.

techsupport@netscout.com

CVE-2023-41171 Stored Cross-Site Scripting (XSS) nGeniusONE Medium

Stored Cross-Site Scripting (XSS)

CVE-2023-41171

Related Product(s): nGeniusONE

First Published: 

Summary

NETSCOUT Systems in nGeniusONE version 6.3.4 build 2298 allows a Stored Cross-Site Scripting vulnerability.

NetScout Systems would like to acknowledge Roberto Suggi Liverani and Filip Waeytens from the NATO Cyber Security Centre (NCSC) for reporting the vulnerability to techsupport@netscout.com.

Fixed Software

Customers should install patch 6.3.4 P17 B2382 or later to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.

techsupport@netscout.com

CVE-2023-41170 Stored Cross-Site Scripting (XSS) nGeniusONE Medium

Stored Cross-Site Scripting (XSS)

CVE-2023-41170

Related Product(s): nGeniusONE

First Published: 

Summary

NETSCOUT Systems in nGeniusONE version 6.3.4 build 2298 allows a Stored Cross-Site Scripting vulnerability.

NetScout Systems would like to acknowledge Roberto Suggi Liverani and Filip Waeytens from the NATO Cyber Security Centre (NCSC) for reporting the vulnerability to techsupport@netscout.com.

Fixed Software

Customers should install patch 6.3.4 P17 B2382 or later to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.

techsupport@netscout.com

CVE-2023-41169 Stored Cross-Site Scripting (XSS) nGeniusONE Medium

Stored Cross-Site Scripting (XSS)

CVE-2023-41169

Related Product(s): nGeniusONE

First Published: 

Summary

NETSCOUT Systems in nGeniusONE version 6.3.4 build 2298 allows a Stored Cross-Site Scripting vulnerability.

NetScout Systems would like to acknowledge Roberto Suggi Liverani and Filip Waeytens from the NATO Cyber Security Centre (NCSC) for reporting the vulnerability to techsupport@netscout.com.

Fixed Software

Customers should install patch 6.3.4 P17 B2382 or later to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.

techsupport@netscout.com

CVE-2023-41168 Stored Cross-Site Scripting (XSS) nGeniusONE Medium

Stored Cross-Site Scripting (XSS)

CVE-2023-41168

Related Product(s): nGeniusONE

First Published: 

Summary

NETSCOUT Systems in nGeniusONE version 6.3.4 build 2298 allows a Stored Cross-Site Scripting vulnerability.

NetScout Systems would like to acknowledge Roberto Suggi Liverani and Filip Waeytens from the NATO Cyber Security Centre (NCSC) for reporting the vulnerability to techsupport@netscout.com.

Fixed Software

Customers should install patch 6.3.4 P17 B2382 or later to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.

techsupport@netscout.com

CVE-2023-40302 Weak File Permissions nGeniusPULSE Critical

Weak File Permissions

CVE-2023-40302

Related Product(s): nGeniusPULSE

First Published: 

Summary

NETSCOUT Systems in nGeniusPULSE version 3.8.0-0.2349.0 allows a Weak File Permissions vulnerability.

NetScout Systems would like to acknowledge Waeytens Filip and Christophe Schleypen at NCIA for reporting CVE-2023-40301 to techsupport@netscout.com.

Fixed Software

Customers should install version 3.11.0-0.397.0 or above to eliminate this vulnerability. The release is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.

techsupport@netscout.com

CVE-2023-40301 Command Injection nGeniusONE Critical

Command Injection

CVE-2023-40301

Related Product(s): nGeniusONE

First Published: 

Summary

NETSCOUT Systems in nGeniusPULSE version 3.8.0-0.2349.0 allows a Command Injection vulnerability.

NetScout Systems would like to acknowledge Waeytens Filip and Christophe Schleypen at NCIA for reporting CVE-2023-40301 to techsupport@netscout.com.

Fixed Software

Customers should install version 3.11.0-0.397.0 or above to eliminate this vulnerability. The release is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.

techsupport@netscout.com

CVE-2023-40300 Hardcoded Cryptographic Key nGeniusONE Critical

Hardcoded Cryptographic Key

CVE-2023-40300

Related Product(s): nGeniusONE

First Published: 

Summary

NETSCOUT Systems in nGeniusPULSE version 3.8.0-0.2349.0 allows a Hardcoded Cryptographic Key vulnerability.

NetScout Systems would like to acknowledge Waeytens Filip and Christophe Schleypen at NCIA for reporting CVE-2023-40301 to techsupport@netscout.com.

Fixed Software

Customers should install version 3.11.0-0.397.0 or above to eliminate this vulnerability. The release is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.

techsupport@netscout.com

CVE-2022-44718 Open Redirection nGeniusONE Low

Open Redirection

CVE-2022-44718

Related Product(s): nGeniusONE

First Published: 

Summary

NETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows an Open Redirection vulnerability.
NetScout Systems would like to acknowledge Lukasz Plonka for reporting CVE-2022-44718 to techsupport@netscout.com.

Fixed Software

Customers should install patch 6.3.3 P3 B1090 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.

techsupport@netscout.com

CVE-2022-44717 Open Redirection nGeniusONE Low

Open Redirection

CVE-2022-44717

Related Product(s): nGeniusONE

First Published: 

Summary

NETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows an Open Redirection vulnerability.
NetScout Systems would like to acknowledge Lukasz Plonka for reporting CVE-2022-44717 to techsupport@netscout.com.

Fixed Software

Customers should install patch 6.3.3 P3 B1090 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.

techsupport@netscout.com

CVE-2022-44715 Improper File Permissions nGeniusONE High

Improper File Permissions

CVE-2022-44715

Related Product(s): nGeniusONE

First Published: 

Summary

NETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows an Improper File Permissions vulnerability.
NetScout Systems would like to acknowledge Lukasz Plonka for reporting CVE-2022-44715 to techsupport@netscout.com.

Fixed Software

Customers should install patch 6.3.2 P13 B947 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.

techsupport@netscout.com

CVE-2022-44029 Cross-Site Scripting (XSS) nGeniusONE Medium

Cross-Site Scripting (XSS)

CVE-2022-44029

Related Product(s): nGeniusONE

First Published: 

Summary

NETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows a Reflected Cross-Site Scripting vulnerability.
NetScout Systems would like to acknowledge Lukasz Plonka for reporting CVE-2022-44024 to techsupport@netscout.com.

Fixed Software

Customers should install patch 6.3.2 P10 B938 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.

techsupport@netscout.com

CVE-2022-44028 Cross-Site Scripting (XSS) nGeniusONE Medium

Cross-Site Scripting (XSS)

CVE-2022-44028

Related Product(s): nGeniusONE

First Published: 

Summary

NETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows a Reflected Cross-Site Scripting vulnerability.
NetScout Systems would like to acknowledge Lukasz Plonka for reporting CVE-2022-44024 to techsupport@netscout.com.

Fixed Software

Customers should install patch 6.3.2 P10 B938 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.

techsupport@netscout.com

CVE-2022-44027 Cross-Site Scripting (XSS) nGeniusONE Medium

Cross-Site Scripting (XSS)

CVE-2022-44027

Related Product(s): nGeniusONE

First Published: 

Summary

NETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows a Reflected Cross-Site Scripting vulnerability.
NetScout Systems would like to acknowledge Lukasz Plonka for reporting CVE-2022-44024 to techsupport@netscout.com.

Fixed Software

Customers should install patch 6.3.2 P10 B938 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.

techsupport@netscout.com

CVE-2022-44026 Cross-Site Scripting (XSS) nGeniusONE Medium

Cross-Site Scripting (XSS)

CVE-2022-44026

Related Product(s): nGeniusONE

First Published: 

Summary

NETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows a Reflected Cross-Site Scripting vulnerability.
NetScout Systems would like to acknowledge Lukasz Plonka for reporting CVE-2022-44024 to techsupport@netscout.com.

Fixed Software

Customers should install patch 6.3.2 P10 B938 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.

techsupport@netscout.com

CVE-2022-44025 Cross-Site Scripting (XSS) nGeniusONE Medium

Cross-Site Scripting (XSS)

CVE-2022-44025

Related Product(s): nGeniusONE

First Published: 

Summary

NETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows a Reflected Cross-Site Scripting vulnerability.
NetScout Systems would like to acknowledge Lukasz Plonka for reporting CVE-2022-44024 to techsupport@netscout.com.

Fixed Software

Customers should install patch 6.3.2 P10 B938 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.

techsupport@netscout.com

CVE-2022-44024 Cross-Site Scripting (XSS) nGeniusONE Medium

Cross-Site Scripting (XSS)

CVE-2022-44024

Related Product(s): nGeniusONE

First Published: 

Summary

NETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows a Reflected Cross-Site Scripting vulnerability.
NetScout Systems would like to acknowledge Lukasz Plonka for reporting CVE-2022-44024 to techsupport@netscout.com.

Fixed Software

Customers should install patch 6.3.2 P10 B938 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.

techsupport@netscout.com

CVE-2021-45983 Java RMI Remote Code Execution nGeniusONE Critical

Java RMI Remote Code Execution

CVE-2021-45983

Related Product(s): nGeniusONE

First Published: 

Summary

NETSCOUT Systems nGeniusONE version 6.3.2 build 904 allows Java RMI Code Execution attacks. Attack complexity is high, no privileges are required, user interaction is required, and scope is unchanged.

NetScout Systems would like to acknowledge Lukasz Plonka for reporting CVE-2021-45982 to techsupport@netscout.com.

Fixed Software

Customers should install patch 6.3.2 P12 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.

techsupport@netscout.com

CVE-2021-45981 XML External Entity (XXE) nGeniusONE Critical

XML External Entity (XXE)

CVE-2021-45981

Related Product(s): nGeniusONE

First Published: 

Summary

NETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows XML External Entity (XXE) attacks. Attack complexity is high, no privileges are required, user interaction is required, and scope is unchanged.

NetScout Systems would like to acknowledge Lukasz Plonka for reporting CVE-2021-45981 to techsupport@netscout.com.

Fixed Software

Customers should install patch 6.3.2 P12 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.

techsupport@netscout.com

CVE-2021-45982 Arbitrary File Upload nGeniusONE High

Arbitrary File Upload

CVE-2021-45982

Related Product(s): nGeniusONE

First Published: 

Summary

NETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows an Arbitrary File Upload vulnerability. Attack complexity is high, privileges required are low, user interaction is required, and scope is unchanged.

NetScout Systems would like to acknowledge Lukasz Plonka for reporting CVE-2021-45982 to techsupport@netscout.com.

Fixed Software

Customers should install patch 6.3.2 P10 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.

techsupport@netscout.com

CVE-2021-35205 Open Redirection nGeniusONE Medium

Open Redirection

CVE-2021-35205

Related Product(s): nGeniusONE

First Published: 

Summary

NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector. The attack complexity is low, and the privileges required are also low. User interaction is required, and scope is unchanged.

Fixed Software

Customers should request a patch 6.3.2 FCS B426 to eliminate this vulnerability. This is available on the My NETSCOUT page or may be obtained by contacting NETSCOUT support at 1-800-708-4784.  Please note that all future versions include this fix.

techsupport@netscout.com

CVE-2021-35204 Cross-Site Scripting (XSS) nGeniusONE Medium

Cross-Site Scripting (XSS)

CVE-2021-35204

Related Product(s): nGeniusONE

First Published: 

Summary

NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows Reflected Cross-Site Scripting (XSS) in the support endpoint. Attack complexity is low, privileges required are low, user interaction is required, and scope is unchanged. The victim has to click on the provided URL.

Fixed Software

Customers should request a patch 6.3.0 P6 B1413 to eliminate this vulnerability. This is available on the My NETSCOUT page or may be obtained by contacting NETSCOUT support at 1-800-708-4784.  Please note that all future versions include this fix.

CVE-2021-35203 Incorrect Access Control nGeniusONE Medium

Incorrect Access Control

CVE-2021-35203

Related Product(s): nGeniusONE

First Published: 

Summary 

NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint. The attacker needs to send a specially crafted request with a parameter containing the name of the file to read. The attack complexity is low, and the privileges required are low. User interaction is required, and scope is unchanged.

Fixed Software

Customers should request a patch 6.3.0 P6 B1413 to eliminate this vulnerability. This is available on the My NETSCOUT page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note that all future versions include this fix.

techsupport@netscout.com

CVE-2021-35202 Insecure Permissions nGeniusONE Medium

Insecure Permissions

CVE-2021-35202

Related Product(s): nGeniusONE

First Published: 

Summary

NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows Authorization Bypass (to access an endpoint) in FDSQueryService. Attack Complexity is Low. The attacker can reach endpoints that are restricted. User Interaction is required, and Scope is unchanged.

Fixed Software

Customers should request a patch 6.3.0 P6 B1413 to eliminate this vulnerability. This is available on the My NETSCOUT page or may be obtained by contacting NETSCOUT support at 1-800-708-4784.  Please note that all future versions include this fix.

techsupport@netscout.com

CVE-2021-35201 XML External Entity (XXE) nGeniusONE Medium

XML External Entity (XXE)

CVE-2021-35201

Related Product(s): nGeniusONE

First Published: 

Summary

NETSCOUT Systems NEI in nGeniusONE version 6.3.0 build 1196 allows XML External Entity (XXE) attacks. Attack complexity is high, no privileges are required, user interaction is required, and scope is unchanged.

Fixed Software

Customers should request a patch 6.3.0 P4 B1406 to eliminate this vulnerability. This is available on the My NETSCOUT page or may be obtained by contacting NETSCOUT support at 1-800-708-4784.  Please note that all future versions include this fix.

techsupport@netscout.com

CVE-2021-35200 Stored Cross-Site Scripting (XSS) nGeniusONE Medium

Stored Cross-Site Scripting (XSS)

CVE-2021-35200

Related Product(s): nGeniusONE

First Published: 

Summary

NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 has a stored cross-site scripting vulnerability in FDSQueryService that a high-privileged user can exploit. Exploitation requires a user with high privileges. Attack complexity is high, and scope is unchanged.

Fixed Software

Customers should request a patch 6.3.0 P5 B1411 to eliminate this vulnerability. This is available on the My NETSCOUT page or may be obtained by contacting NETSCOUT support at 1-800-708-4784.  Please note that all future versions include this fix.

techsupport@netscout.com

CVE-2021-35199 Stored Cross-Site Scripting (XSS) nGeniusONE Medium

Stored Cross-Site Scripting (XSS)

CVE-2021-35199

Related Product(s): nGeniusONE

First Published: 

Summary

NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 and earlier has a stored cross-site scripting vulnerability in the Packet Analysis module's Upload File feature that a normal user can exploit. This requires a little crypto knowledge to exploit. The vulnerability exists in the upload functionality.

Fixed Software

Customers should request a patch 6.3.0 P5 B1411 to eliminate this vulnerability. This is available on the My NETSCOUT page or may be obtained by contacting NETSCOUT support at 1-800-708-4784.  Please note that all future versions include this fix.

techsupport@netscout.com

CVE-2021-35198 Stored Cross-Site Scripting (XSS) nGeniusONE Medium

Stored Cross-Site Scripting (XSS)

CVE-2021-35198

Related Product(s): nGeniusONE

First Published: 

Summary

NETSCOUT Systems nGeniusONE version 6.3.0 build 1004 and earlier has a stored cross-site scripting vulnerability that a normal user can exploit. The user would need to visit a certain functionality in the packet module for the stored XSS to execute.

Fixed Software

Customers should request a patch 6.3.0 P5 B1411 to eliminate this vulnerability. This is available on the My NETSCOUT page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note that all future versions include this fix.

techsupport@netscout.com

CVE-2020-28251 Escalated Privileges Vulnerability on AirMagnet Enterprise Sensors AirMagnet High

Related Product(s): AirMagnet

First Published: 

NETSCOUT Systems AirMagnet Enterprise version 11.1.4 build 37257 and earlier has a sensor escalated privileges vulnerability that can be exploited to provide someone with administrative access to a sensor, with credentials to invoke a command to provide root access to the operating system. The attacker must complete a straightforward password-cracking exercise.

The affected product models are:

  • SENSOR6-R1S0W1-E
  • SENSOR6-R2S1-E
  • SENSOR6-R2S1-I
  • SENSOR4-R1S1W1-E
  • SENSOR4-R2S1-E
  • SENSOR4-R2S1-I

A software upgrade to AirMagnet Enterprise version 11.1.4 build 37271 to eliminate this vulnerability is available on My NETSCOUT accounts on the AirMagnet Enterprise Downloads page or may be obtained by contacting AirMagnet support at 1-800-708-4784.

techsupport@netscout.com