NewStart CGSL MAIN 7.02 : python3.11 Multiple Vulnerabilities (NS-SA-2025-0109)

high Nessus Plugin ID 242797

Synopsis

The remote NewStart CGSL host is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version MAIN 7.02, has python3.11 packages installed that are affected by multiple vulnerabilities:

- A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment activation scripts (i.e. `source venv/bin/activate`). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (i.e. `./venv/bin/python`) are not affected. (CVE-2024-9287)

- The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. (CVE-2023-27043)

- A defect was discovered in the Python ssl module where there is a memory race condition with the ssl.SSLContext methods cert_store_stats() and get_ca_certs(). The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured. This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5. (CVE-2024-0397)

- An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to quoted-overlap zip-bombs, which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython make the zipfile module reject zip archives whose entries overlap. (CVE-2024-0450)

- The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as globally reachable or private. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn't be returned in accordance with the latest information from the IANA Special-Purpose Address Registries. CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior. (CVE-2024-4032)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
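Added example, not part of the Nessus plugin or the vendor advisory: a pre-extraction check for the overlapping-entry condition described under CVE-2024-0450, usable on hosts where the python3.11 packages have not yet been upgraded. The function names (`entry_extent`, `find_overlaps`, `build_sample`) and the sample archives are constructed for illustration.

```python
import io
import struct
import zipfile

LOCAL_HDR = struct.Struct("<4s5H3L2H")  # fixed 30-byte local file header
CENTRAL_SIG = b"PK\x01\x02"

def entry_extent(data, info):
    """Byte range (start, end) covered by one entry's local header and data."""
    sig, *_, nlen, elen = LOCAL_HDR.unpack_from(data, info.header_offset)
    if sig != b"PK\x03\x04":
        raise zipfile.BadZipFile(f"no local header for {info.filename!r}")
    # Trailing data descriptors are ignored, so 'end' is a lower bound and
    # the check cannot flag a well-formed archive.
    end = info.header_offset + LOCAL_HDR.size + nlen + elen + info.compress_size
    return info.header_offset, end

def find_overlaps(data):
    """Return (earlier, later) name pairs whose byte ranges overlap."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        extents = sorted(entry_extent(data, i) + (i.filename,)
                         for i in zf.infolist())
    overlaps, prev_end, prev_name = [], 0, None
    for start, end, name in extents:
        if start < prev_end:              # begins inside an earlier entry
            overlaps.append((prev_name, name))
        if end > prev_end:
            prev_end, prev_name = end, name
    return overlaps

def build_sample(overlap=False):
    """Constructed test archive; overlap=True makes two entries share data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("a.txt", "constructed sample A")
        zf.writestr("b.txt", "constructed sample B")
    data = bytearray(buf.getvalue())
    if overlap:
        # Point the second central-directory record at the first local header
        # (the header offset field sits 42 bytes into the record).
        second = data.index(CENTRAL_SIG, data.index(CENTRAL_SIG) + 4)
        data[second + 42:second + 46] = struct.pack("<L", 0)
    return bytes(data)

if __name__ == "__main__":
    for label, blob in (("clean", build_sample()),
                        ("overlapped", build_sample(overlap=True))):
        print(label, find_overlaps(blob))
```

An archive for which `find_overlaps` returns a non-empty list should be rejected before any member is opened or extracted.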

Solution

Upgrade the vulnerable CGSL python3.11 packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

See Also

https://security.gd-linux.com/notice/NS-SA-2025-0109

https://security.gd-linux.com/info/CVE-2023-27043

https://security.gd-linux.com/info/CVE-2024-0397

https://security.gd-linux.com/info/CVE-2024-0450

https://security.gd-linux.com/info/CVE-2024-4032

https://security.gd-linux.com/info/CVE-2024-6232

https://security.gd-linux.com/info/CVE-2024-6923

https://security.gd-linux.com/info/CVE-2024-7592

https://security.gd-linux.com/info/CVE-2024-8088

https://security.gd-linux.com/info/CVE-2024-9287

https://security.gd-linux.com/info/CVE-2025-0938

https://security.gd-linux.com/info/CVE-2025-4517

Plugin Details

Severity: High

ID: 242797

File Name: newstart_cgsl_NS-SA-2025-0109_python3_11.nasl

Version: 1.1

Type: local

Published: 7/25/2025

Updated: 7/25/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-9287

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 8.7

Threat Score: 7.7

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2024-8088

Vulnerability Information

CPE: p-cpe:/a:zte:cgsl_main:python3-tkinter, cpe:/o:zte:cgsl_main:7, p-cpe:/a:zte:cgsl_main:python3-devel, p-cpe:/a:zte:cgsl_main:python3, p-cpe:/a:zte:cgsl_main:python3-libs, p-cpe:/a:zte:cgsl_main:python-unversioned-command

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/25/2025

Vulnerability Publication Date: 4/18/2023

Reference Information

CVE: CVE-2023-27043, CVE-2024-0397, CVE-2024-0450, CVE-2024-4032, CVE-2024-6232, CVE-2024-6923, CVE-2024-7592, CVE-2024-8088, CVE-2024-9287, CVE-2025-0938, CVE-2025-4517

IAVA: 2023-A-0442-S, 2025-A-0444