Vulnerability Details : CVE-2023-30806
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to mishandling of shell meta-characters in the PHPSESSID cookie.
Products affected by CVE-2023-30806
- cpe:2.3:a:sangfor:next-gen_application_firewall:ngaf8.0.17:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-30806
15.88%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-30806
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
VulnCheck | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2023-30806
-
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.Assigned by:
- disclosure@vulncheck.com (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2023-30806
-
https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/
Yet More Unauth Remote Command Execution Vulns in Firewalls - Sangfor EditionExploit;Third Party Advisory
-
https://vulncheck.com/advisories/sangfor-ngaf-sessid-rce
Sangfor Next-Gen Application Firewall PHPSESSID Command Injection | VulnCheck AdvisoriesThird Party Advisory
-
https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4
AWS Marketplace: Sangfor Next-Gen Application FirewallProduct
Jump to