CVE-2023-41168
Stored Cross-Site Scripting (XSS)
| CVE | Title | Severity | Published | Updated |
| CVE-2023-41168 | Stored Cross-Site Scripting (XSS) | Medium | 12/07/2023 | 12/12/2023 |
Summary
NETSCOUT Systems in nGeniusONE version 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability.
NetScout Systems would like to acknowledge Roberto Suggi Liverani and Filip Waeytens from the NATO Cyber Security Centre (NCSC) for reporting the vulnerability to techsupport@netscout.com.
Fixed Software
Customers should install patch 6.3.4 P17 B2382 or later to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.
CVE-2023-41169
Stored Cross-Site Scripting (XSS)
| CVE | Title | Severity | Published | Updated |
| CVE-2023-41169 | Stored Cross-Site Scripting (XSS) | Medium | 12/07/2023 | 12/12/2023 |
Summary
NETSCOUT Systems in nGeniusONE version 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability.
NetScout Systems would like to acknowledge Roberto Suggi Liverani and Filip Waeytens from the NATO Cyber Security Centre (NCSC) for reporting the vulnerability to techsupport@netscout.com.
Fixed Software
Customers should install patch 6.3.4 P17 B2382 or later to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.
CVE-2023-41170
Stored Cross-Site Scripting (XSS)
| CVE | Title | Severity | Published | Updated |
| CVE-2023-41170 | Stored Cross-Site Scripting (XSS) | Medium | 12/07/2023 | 12/12/2023 |
Summary
NETSCOUT Systems in nGeniusONE version 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability.
NetScout Systems would like to acknowledge Roberto Suggi Liverani and Filip Waeytens from the NATO Cyber Security Centre (NCSC) for reporting the vulnerability to techsupport@netscout.com.
Fixed Software
Customers should install patch 6.3.4 P17 B2382 or later to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.
CVE-2023-41171
Stored Cross-Site Scripting (XSS)
| CVE | Title | Severity | Published | Updated |
| CVE-2023-41171 | Stored Cross-Site Scripting (XSS) | Medium | 12/07/2023 | 12/12/2023 |
Summary
NETSCOUT Systems in nGeniusONE version 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability.
NetScout Systems would like to acknowledge Roberto Suggi Liverani and Filip Waeytens from the NATO Cyber Security Centre (NCSC) for reporting the vulnerability to techsupport@netscout.com.
Fixed Software
Customers should install patch 6.3.4 P17 B2382 or later to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.
CVE-2023-41172
Stored Cross-Site Scripting (XSS)
| CVE | Title | Severity | Published | Updated |
| CVE-2023-41172 | Stored Cross-Site Scripting (XSS) | Medium | 12/07/2023 | 12/12/2023 |
Summary
NETSCOUT Systems in nGeniusONE version 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability.
NetScout Systems would like to acknowledge Roberto Suggi Liverani and Filip Waeytens from the NATO Cyber Security Centre (NCSC) for reporting the vulnerability to techsupport@netscout.com.
Fixed Software
Customers should install patch 6.3.4 P17 B2382 or later to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.
CVE-2023-41905
Reflected Cross-Site Scripting (XSS)
| CVE | Title | Severity | Published | Updated |
| CVE-2023-41905 | Reflected Cross-Site Scripting (XSS) | Medium | 12/07/2023 | 12/12/2023 |
Summary
NETSCOUT Systems in nGeniusONE version 6.3.4 build 2298 allows a Reflected Cross-Site scripting vulnerability.
NetScout Systems would like to acknowledge Roberto Suggi Liverani and Filip Waeytens from the NATO Cyber Security Centre (NCSC) for reporting the vulnerability to techsupport@netscout.com.
Fixed Software
Customers should install patch 6.3.4 P17 B2382 or later to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.
CVE-2023-40300
Hardcoded Cryptographic Key
| CVE | Title | Severity | Published | Updated |
| CVE-2023-40300 | Hardcoded Cryptographic Key | Critical | 12/07/2023 | 12/12/2023 |
Summary
NETSCOUT Systems in nGeniusPULSE version 3.8.0-0.2349.0.allows a Hardcoded Cryptographic Key vulnerability.
NetScout Systems would like to acknowledge Waeytens Filip and Christophe Schleypen at NCIA for reporting CVE-2023-40301 to techsupport@netscout.com.
Fixed Software
Customers should install version 3.11.0-0.397.0 or above to eliminate this vulnerability. The release is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.
CVE-2023-40301
Command Injection
| CVE | Title | Severity | Published | Updated |
| CVE-2023-40301 | Command Injection | Critical | 12/07/2023 | 12/12/2023 |
Summary
NETSCOUT Systems in nGeniusPULSE version 3.8.0-0.2349.0.allows a Command Injection vulnerability.
NetScout Systems would like to acknowledge Waeytens Filip and Christophe Schleypen at NCIA for reporting CVE-2023-40301 to techsupport@netscout.com.
Fixed Software
Customers should install version 3.11.0-0.397.0 or above to eliminate this vulnerability. The release is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.
CVE-2023-40302
Weak File Permissions
| CVE | Title | Severity | Published | Updated |
| CVE-2023-40302 | Weak File Permissions | Critical | 12/07/2023 | 12/12/2023 |
Summary
NETSCOUT Systems in nGeniusPULSE version 3.8.0-0.2349.0.allows a Weak File Permissions vulnerability.
NetScout Systems would like to acknowledge Waeytens Filip and Christophe Schleypen at NCIA for reporting CVE-2023-40301 to techsupport@netscout.com.
Fixed Software
Customers should install version 3.11.0-0.397.0 or above to eliminate this vulnerability. The release is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.
CVE-2022-44715
Improper File Permissions
| CVE | Title | Severity | Published | Updated |
| CVE-2022-44715 | Improper File Permissions | High | 01/27/2023 | 02/03/2023 |
Summary
NETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows an Improper File Permissions vulnerability.
NetScout Systems would like to acknowledge Lukasz Plonka for reporting CVE-2022-44715 to techsupport@netscout.com.
Fixed Software
Customers should install patch 6.3.2 P13 B947 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.
CVE-2022-44717
Open Redirection
| CVE | Title | Severity | Published | Updated |
| CVE-2022-44717 | Open Redirection | Low | 01/27/2023 | 02/03/2023 |
Summary
NETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows an Open Redirection vulnerability.
NetScout Systems would like to acknowledge Lukasz Plonka for reporting CVE-2022-44717 to techsupport@netscout.com.
Fixed Software
Customers should install patch 6.3.3 P3 B1090 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.
CVE-2022-44718
Open Redirection
| CVE | Title | Severity | Published | Updated |
| CVE-2022-44718 | Open Redirection | Low | 01/27/2023 | 02/03/2023 |
Summary
NETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows an Open Redirection vulnerability.
NetScout Systems would like to acknowledge Lukasz Plonka for reporting CVE-2022-44718 to techsupport@netscout.com.
Fixed Software
Customers should install patch 6.3.3 P3 B1090 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.
CVE-2022-44024
Cross-Site Scripting (XSS)
| CVE | Title | Severity | Published | Updated |
| CVE-2022-44024 | Cross-Site Scripting | Medium | 01/27/2023 | 02/03/2023 |
Summary
NETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows a Reflected Cross-Site scripting vulnerability.
NetScout Systems would like to acknowledge Lukasz Plonka for reporting CVE-2022-44024 to techsupport@netscout.com.
Fixed Software
Customers should install patch 6.3.2 P10 B938 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.
CVE-2022-44025
Cross-Site Scripting (XSS)
| CVE | Title | Severity | Published | Updated |
| CVE-2022-44025 | Cross-Site Scripting | Medium | 01/27/2023 | 02/03/2023 |
Summary
NETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows a Reflected Cross-Site scripting vulnerability.
NetScout Systems would like to acknowledge Lukasz Plonka for reporting CVE-2022-44024 to techsupport@netscout.com.
Fixed Software
Customers should install patch 6.3.2 P10 B938 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.
CVE-2022-44026
Cross-Site Scripting (XSS)
| CVE | Title | Severity | Published | Updated |
| CVE-2022-44026 | Cross-Site Scripting | Medium | 01/27/2023 | 02/03/2023 |
Summary
NETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows a Reflected Cross-Site scripting vulnerability.
NetScout Systems would like to acknowledge Lukasz Plonka for reporting CVE-2022-44024 to techsupport@netscout.com.
Fixed Software
Customers should install patch 6.3.2 P10 B938 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.
CVE-2022-44027
Cross-Site Scripting (XSS)
| CVE | Title | Severity | Published | Updated |
| CVE-2022-44027 | Cross-Site Scripting | Medium | 01/27/2023 | 02/03/2023 |
Summary
NETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows a Reflected Cross-Site scripting vulnerability.
NetScout Systems would like to acknowledge Lukasz Plonka for reporting CVE-2022-44024 to techsupport@netscout.com.
Fixed Software
Customers should install patch 6.3.2 P10 B938 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.
CVE-2022-44028
Cross-Site Scripting (XSS)
| CVE | Title | Severity | Published | Updated |
| CVE-2022-44028 | Cross-Site Scripting | Medium | 01/27/2023 | 02/03/2023 |
Summary
NETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows an Reflected Cross-Site scripting vulnerability.
NetScout Systems would like to acknowledge Lukasz Plonka for reporting CVE-2022-44024 to techsupport@netscout.com.
Fixed Software
Customers should install patch 6.3.2 P10 B938 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.
CVE-2022-44029
Cross-Site Scripting (XSS)
| CVE | Title | Severity | Published | Updated |
| CVE-2022-44029 | Cross-Site Scripting | Medium | 01/27/2023 | 02/03/2023 |
Summary
NETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows an Reflected Cross-Site scripting vulnerability.
NetScout Systems would like to acknowledge Lukasz Plonka for reporting CVE-2022-44024 to techsupport@netscout.com.
Fixed Software
Customers should install patch 6.3.2 P10 B938 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.
CVE-2021-45981
XML External Entity (XXE)
| CVE | Title | Version | Severity | Published | Updated |
| CVE-2021-45981 | XML External Entity (XXE) | 6.3.2 | Critical | 06/02/2022 | 06/13/2022 |
Summary
NETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows XML External Entity (XXE) attacks. Attack complexity is high. Privileges required none. User interaction required and scope is unchanged.
NetScout Systems would like to acknowledge Lukasz Plonka for reporting CVE-2021-45981 to techsupport@netscout.com
Fixed Software
Customers should install patch 6.3.2 P12 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.
CVE-2021-45982
Arbitrary File Upload
| CVE | Title | Version | Severity | Published | Updated |
| CVE-2021-45982 | Arbitrary File Upload | 6.3.2 | High | 06/02/2022 | 06/10/2022 |
Summary
NETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows an Arbitrary File Upload vulnerability. Attack complexity is high. Privileges required low. User interaction required and scope is unchanged.
NetScout Systems would like to acknowledge Lukasz Plonka for reporting CVE-2021-45982 to techsupport@netscout.com
Fixed Software
Customers should install patch 6.3.2 P10 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.
CVE-2021-45983
Java RMI Remote Code Execution
| CVE | Title | Version | Severity | Published | Updated |
| CVE-2021-45983 | Java RMI Remote Code Execution | 6.3.2 | Critical | 06/02/2022 | 06/13/2022 |
Summary
NETSCOUT Systems nGeniusONE version 6.3.2 build 904 allows Java RMI Code Execution attacks. Attack complexity is high. Privileges required none. User interaction required and scope is unchanged.
NetScout Systems would like to acknowledge Lukasz Plonka for reporting CVE-2021-45982 to techsupport@netscout.com
Fixed Software
Customers should install 6.3.2 P12 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix.
CVE-2021-35205
Open Redirection
| CVE | Title | Severity | Published | Updated |
| CVE-2021-35205 | Open Redirection | Medium | 09/30/2021 | 10/04/2021 |
Summary
NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector. The Attack complexity is low, and the privileges required are also low. User Interaction required, and Scope is unchanged
Fixed Software
Customers should request a patch 6.3.2 FCS B426 to eliminate this vulnerability. This is available on the My NETSCOUT page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note that all future versions include this fix.
CVE-2021-35204
Cross-Site Scripting (XSS)
| CVE | Title | Severity | Published | Updated |
| CVE-2021-35204 | Cross-Site Scripting (XSS) | Medium | 09/30/2021 | 10/04/2021 |
Summary
NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows Reflected Cross-Site Scripting (XSS) in the support endpoint. Attack Complexity required is low. Privileges required are low and User Interaction required, and Scope is unchanged. The victim has to click on the provided URL.
Fixed Software
Customers should request a patch 6.3.0 P6 B1413 to eliminate this vulnerability. This is available on the My NETSCOUT page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note that all future versions include this fix.
CVE-2021-35203
Incorrect Access Control
| CVE | Title | Severity | Published | Updated |
| CVE-2021-35203 | Incorrect Access Control | Medium | 09/30/2021 | 10/04/2021 |
Summary
NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint. The attacker needs to send a specially crafted request with a parameter with the file name to read. The Attack Complexity is low, and the privileges required are low. User Interaction is required, and Scope is unchanged
Fixed Software
Customers should request a patch 6.3.0 P6 B1413 to eliminate this vulnerability. This is available on the My NETSCOUT page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note that all future versions include this fix.CVE-2021-35202
Insecure Permissions
| CVE | Title | Severity | Published | Updated |
| CVE-2021-35202 | Insecure Permissions | Medium | 09/30/2021 | 10/04/2021 |
Summary
NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows Authorization Bypass (to access an endpoint) in FDSQueryService. Attack Complexity is Low. The attacker can reach endpoints that are restricted. User Interaction is required, and Scope is unchanged
Fixed Software
Customers should request a patch 6.3.0 P6 B1413 to eliminate this vulnerability. This is available on the My NETSCOUT page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note that all future versions include this fix.
CVE-2021-35201
XML External Entity (XXE)
| CVE | Title | Severity | Published | Updated |
| CVE-2021-35201 | XML External Entity (XXE) | Medium | 09/30/2021 | 10/04/2021 |
Summary
NETSCOUT Systems NEI in nGeniusONE version 6.3.0 build 1196 allows XML External Entity (XXE) attacks. Attack Complexity is High, Privileges Required None, User Interaction Required and Scope is unchanged.
Fixed Software
Customers should request a patch 6.3.0 P4 B1406 to eliminate this vulnerability. This is available on the My NETSCOUT page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note that all future versions include this fix.
CVE-2021-35200
Stored Cross-Site Scripting (XSS)
| CVE | Title | Severity | Published | Updated |
| CVE-2021-35200 | Stored Cross-Site Scripting (XSS) | Medium | 09/30/2021 | 10/04/2021 |
Summary
NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 has stored cross-site scripting in FDSQueryService vulnerability that a high-privileged user can exploit. This would require a user with high privileges. Attack complexity is High, and the Scope is Unchanged
Fixed Software
Customers should request a patch 6.3.0 P5 B1411 to eliminate this vulnerability. This is available on the My NETSCOUT page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note that all future versions include this fix.
CVE-2021-35199
Stored Cross-Site Scripting (XSS)
| CVE | Title | Severity | Published | Updated |
| CVE-2021-35199 | Stored Cross-Site Scripting (XSS) | Medium | 09/30/2021 | 10/04/2021 |
Summary
NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 and earlier has stored cross-site scripting in Packet Analysis module Upload File vulnerability that a normal user can exploit. This requires a little crypto knowledge to exploit. The vulnerability exists in upload functionality.
Fixed Software
Customers should request a patch 6.3.0 P5 B1411 to eliminate this vulnerability. This is available on the My NETSCOUT page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note that all future versions include this fix.
CVE-2021-35198
Stored Cross-Site Scripting (XSS)
| CVE | Title | Severity | Published | Updated |
| CVE-2021-35198 | Stored Cross-Site Scripting (XSS) | Medium | 09/30/2021 | 10/04/2021 |
Summary
NETSCOUT Systems nGeniusONE version 6.3.0 build 1004, and earlier has a stored cross-site scripting vulnerability that a normal user can exploit. The user would need to visit a certain functionality in the packet module for the Stored XSS to get executed.
Fixed Software
Customers should request a patch 6.3.0 P5 B1411 to eliminate this vulnerability. This is available on the My NETSCOUT or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note that all future versions include this fix
CVE-2020-28251
Escalated Privileges Vulnerability on AirMagnet Enterprise Sensors
| CVE | Title | Severity | Published | Updated |
| CVE-2020-28251 | Escalated Privileges Vulnerability on AirMagnet Enterprise Sensors | High | 2020 December 03 | 2020 December 07 |
NETSCOUT Systems AirMagnet Enterprise version 11.1.4 build 37257 and earlier has a sensor escalated privileges vulnerability that can be exploited to provide someone with administrative access to a sensor, with credentials to invoke a command to provide root access to the operating system. The attacker must complete a straightforward password-cracking exercise.
The affected product models are:
- SENSOR6-R1S0W1-E
- SENSOR6-R2S1-E
- SENSOR6-R2S1-I
- SENSOR4-R1S1W1-E
- SENSOR4-R2S1-E
- SENSOR4-R2S1-I
A software upgrade to AirMagnet Enterprise version 11.1.4 build 37271 to eliminate this vulnerability is available on My NETSCOUT accounts on the AirMagnet Enterprise Downloads page or may be obtained by contacting AirMagnet support at 1-800-708-4784.