History: Oct 10, 2023 - 2:27 p.m.

CVE-2023-30806 Sangfor Next-Gen Application Firewall PHPSESSID Command Injection

Published: 2023-10-10 14:27:42
CWE: CWE-78
Source: VulnCheck (www.cve.org)
Tags: sangfor, application firewall, command injection, vulnerability, http, cookie, remote attack

CVSS3: 9.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 10
Confidence: High
EPSS: 0.077
Percentile: 94.3%

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to operating system command injection. A remote, unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. The root cause is that shell metacharacters in the PHPSESSID cookie are not handled safely before the value reaches a shell.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "Net-Gen Application Firewall",
    "vendor": "Sangfor",
    "versions": [
      {
        "status": "affected",
        "version": "8.0.17"
      }
    ]
  }
]
