Edge SWG (formerly ProxySG) vulnerability status in respect to CVE-2024-26592 and CVE-2024-26594

search cancel

Edge SWG (formerly ProxySG) vulnerability status in respect to CVE-2024-26592 and CVE-2024-26594

book

Article ID: 280538

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Proxy administrators would like to determine if Edge SWG (formerly ProxySG) devices are vulnerable to CVE-2024-26592 and CVE-2024-26594.

Environment

Edge SWG (formerly ProxySG)

Cause

Vulnerability Details

CVE ID Number: CVE-2024-26592
Component: Linux Kernel
Date Published: February 22nd, 2024
Description: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix UAF issue in ksmbd_tcp_new_connection() The race is between the handling of a new TCP connection and its disconnection. It leads to UAF on `struct tcp_transport` in ksmbd_tcp_new_connection() function.
Vector Assessment: NVD assessment not yet provided.
Base Score: N/A

CVE ID Number: CVE-2024-26594
Component: Linux Kernel
Date Published: February 23rd, 2024
Description: In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid.
Vector Assessment: NVD assessment not yet provided.
Base Score: N/A

Advisory Link(s)

Resolution

Edge SWG (formerly ProxySG) devices are not vulnerable to neither CVE-2024-26592 nor CVE-2024-26594.

Additional Information

Feedback

thumb_up Yes

thumb_down No