NewStart CGSL MAIN 7.02 : python3.11 Multiple Vulnerabilities (NS-SA-2025-0074)

medium Nessus Plugin ID 237996

Synopsis

The remote NewStart CGSL host is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version MAIN 7.02, has python3.11 packages installed that are affected by multiple vulnerabilities:

- A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment activation scripts (i.e. `source venv/bin/activate`). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (i.e. `./venv/bin/python`) are not affected. (CVE-2024-9287)

- A defect was discovered in the Python ssl module where there is a memory race condition with the ssl.SSLContext methods cert_store_stats() and get_ca_certs(). The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured. This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5. (CVE-2024-0397)

- The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as globally reachable or private. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn't be returned in accordance with the latest information from the IANA Special-Purpose Address Registries. CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior. (CVE-2024-4032)

- There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. (CVE-2024-6232)

- There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value. (CVE-2024-7592)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
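For CVE-2024-9287 above, an added example (not code from CPython, ZTE or the Nessus plugin) that shows why a path pasted into an activation-script assignment without proper quoting is evaluated by the shell, while the same path passed through `shlex.quote()` stays plain data. The template line, function names and sample directory are constructed for illustration, and `sh` is assumed to be on PATH.

```python
import shlex
import subprocess

# Constructed sample: a directory name that contains shell syntax (a harmless echo).
SAMPLE_DIR = "/tmp/demo$(echo INJECTED)"


def render_unquoted(venv_dir: str) -> str:
    """Simplified stand-in (assumption) for a template that pastes the
    path between double quotes without any escaping."""
    return f'VIRTUAL_ENV="{venv_dir}"'


def render_quoted(venv_dir: str) -> str:
    """The same assignment with the path passed through shlex.quote()."""
    return f"VIRTUAL_ENV={shlex.quote(venv_dir)}"


def value_after_sourcing(assignment: str) -> str:
    """Evaluate the assignment in sh and return what VIRTUAL_ENV then holds."""
    script = assignment + "\nprintf '%s' \"$VIRTUAL_ENV\"\n"
    result = subprocess.run(
        ["sh", "-c", script], capture_output=True, text=True, check=True
    )
    return result.stdout


def is_inert(venv_dir: str, render) -> bool:
    """True when the shell treats the path purely as data, i.e. the variable
    ends up holding exactly the directory name that was supplied."""
    return value_after_sourcing(render(venv_dir)) == venv_dir


if __name__ == "__main__":
    for render in (render_unquoted, render_quoted):
        print(f"{render.__name__}: inert={is_inert(SAMPLE_DIR, render)}")
```

The same `is_inert` comparison works as a regression check for any tool that writes user-supplied paths into shell scripts.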

Solution

Upgrade the vulnerable CGSL python3.11 packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

See Also

https://security.gd-linux.com/notice/NS-SA-2025-0074

https://security.gd-linux.com/info/CVE-2024-0397

https://security.gd-linux.com/info/CVE-2024-4032

https://security.gd-linux.com/info/CVE-2024-6232

https://security.gd-linux.com/info/CVE-2024-7592

https://security.gd-linux.com/info/CVE-2024-9287

Plugin Details

Severity: Medium

ID: 237996

File Name: newstart_cgsl_NS-SA-2025-0074_python3_11.nasl

Version: 1.2

Type: local

Published: 6/9/2025

Updated: 6/18/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-9287

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 5.3

Threat Score: 4.2

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Vulnerability Information

CPE: p-cpe:/a:zte:cgsl_main:python3-libs, p-cpe:/a:zte:cgsl_main:python3, p-cpe:/a:zte:cgsl_main:python3-devel, p-cpe:/a:zte:cgsl_main:python3-tkinter, cpe:/o:zte:cgsl_main:7, p-cpe:/a:zte:cgsl_main:python-unversioned-command

Required KB Items: Host/local_checks_enabled, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/28/2025

Vulnerability Publication Date: 6/17/2024

Reference Information

CVE: CVE-2024-0397, CVE-2024-4032, CVE-2024-6232, CVE-2024-7592, CVE-2024-9287