cvebase

Sangfor Net-Gen Application Firewall vulnerabilities

4 known vulnerabilities affecting sangfor/net-gen_application_firewall.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, MEDIUM 1

Vulnerabilities

CVE-2023-30805 | P1 | CRITICAL | CVSS 9.8 | v8.0.17 | 2023-10-10
[CRITICAL] CWE-78: The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling of shell meta-characters in the "un" parameter.
Source: nvd

CVE-2023-30806 | P1 | CRITICAL | CVSS 9.8 | v8.0.17 | 2023-10-10
[CRITICAL] CWE-78: The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to mishandling of shell meta-characters in the PHPSESSID cookie.
Source: nvd

CVE-2023-30803 | P2 | CRITICAL | CVSS 9.8 | v8.0.17 | 2023-10-10
[CRITICAL] CWE-290: The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can bypass authentication and access administrative functionality by sending HTTP requests using a crafted Y-forwarded-for header.
Source: nvd

CVE-2023-30802 | P4 | MEDIUM | CVSS 5.3 | v8.0.17 | 2023-10-10
[MEDIUM] CWE-540: The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field.
Source: nvd