CVE-2023-30806

high-risk
Published 2023-10-10

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to mishandling of shell meta-characters in the PHPSESSID cookie.

Do I need to act?

!
17.0% chance of exploitation in next 30 days
EPSS score — higher than 83% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Sangfor

References (6)

Product https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4
Exploit https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-fir...
Third Party Advisory https://vulncheck.com/advisories/sangfor-ngaf-sessid-rce
Product https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4
Exploit https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-fir...
Third Party Advisory https://vulncheck.com/advisories/sangfor-ngaf-sessid-rce
50
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 13/34 · Low
Exposure 5/34 · Minimal