Nsfocus · Secgate3600 · CVE-2023-7308
Name of the Vulnerable Software and Affected Versions:
SecGate3600 (affected versions not specified)
Description:
SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure issue. The vulnerable component fails to enforce authentication checks on POST requests to the `/cgi-bin/authUser/authManageSet.cgi` endpoint, allowing an unauthenticated remote attacker to obtain sensitive information, including user identifiers and configuration details, by sending crafted requests.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.