Sangfor Next-Gen Application Firewall PHPSESSID Command Injection
CVE-2023-30806

9.8CRITICAL

Key Information:

Vendor

Sangfor

Status
Net-gen Application Firewall
Vendor
CVE Published:
10 October 2023

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸฃ EPSS 17%

What is CVE-2023-30806?

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is susceptible to an operating system command injection flaw, allowing remote, unauthenticated attackers to execute arbitrary commands by crafting an HTTP POST request directed at the /cgi-bin/login.cgi endpoint. This vulnerability arises from the mismanagement of shell meta-characters within the PHPSESSID cookie. Network security professionals should ensure that their firewall's version is updated to mitigate potential exploitation.

Affected Version(s)

Net-Gen Application Firewall Linux 8.0.17

References

https://labs.watchtowr.com/yet-more-unauth-remote-command...
third-party-advisoryexploittechnical-description
https://vulncheck.com/advisories/sangfor-ngaf-sessid-rce
third-party-advisory
https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4
product

EPSS Score

17% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

watchTowr Labs
watchTowr Labs
JSON
.
CVE-2023-30806 : Sangfor Next-Gen Application Firewall PHPSESSID Command Injection