PT-2023-6169 · Sangfor · Sangfor Next-Gen Application Firewall
Watchtowr Labs
·
Published
2023-10-10
·
Updated
2025-11-22
·
CVE-2023-30806
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Sangfor Next-Gen Application Firewall version NGAF8.0.17
Description
The Sangfor Next-Gen Application Firewall is affected by an operating system command injection issue. A remote, unauthenticated attacker can execute arbitrary commands by sending a specially crafted HTTP POST request to the
/cgi-bin/login.cgi endpoint. This is due to improper handling of shell meta-characters within the PHPSESSID cookie. The vulnerability allows for remote code execution.Recommendations
Sangfor Next-Gen Application Firewall version NGAF8.0.17: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sangfor Next-Gen Application Firewall