CVE-2023-30805

Published: 10/10/2023 Updated: 13/10/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is affected by an operating system command injection vulnerability. A remote, unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. The cause is mishandling of shell metacharacters in the "un" parameter.

Vulnerable Product

sangfor next-gen application firewall 8.0.17

Vendor Advisories

Check Point Reference: CPAI-2023-1368 | Date Published: 13 Dec 2023 | Severity: Critical ...