Sangfor Next-Gen Application Firewall Authentication Bypass
CVE-2023-30803

9.8CRITICAL

Key Information:

Vendor

Sangfor

Status
Net-gen Application Firewall
Vendor
CVE Published:
10 October 2023

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸฃ EPSS 18%

What is CVE-2023-30803?

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is affected by an authentication bypass vulnerability, allowing unauthenticated remote attackers to manipulate administrative sessions. This is achieved by sending specially crafted HTTP requests with a Y-forwarded-for header, potentially leading to unauthorized access to sensitive administrative functionalities. Organizations using this firewall version should evaluate their exposure to this vulnerability and take appropriate measures to secure their systems.

Affected Version(s)

Net-Gen Application Firewall Linux 8.0.17

References

https://labs.watchtowr.com/yet-more-unauth-remote-command...
third-party-advisoryexploittechnical-description
https://vulncheck.com/advisories/sangfor-ngaf-auth-bypass
third-party-advisory
https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4
product

EPSS Score

18% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

watchTowr Labs
watchTowr Labs
.