CVE-2023-30803 - OpenCVE

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can bypass authentication and access administrative functionality by sending HTTP requests using a crafted Y-forwarded-for header.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Sangfor	Next-gen Application Firewall

Configuration 1 [-]

cpe:2.3:a:sangfor:next-gen_application_firewall:8.0.17:*:*:*:*:*:*:*

References

Link	Resource
https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4	Product
https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/	Exploit Third Party Advisory
https://vulncheck.com/advisories/sangfor-ngaf-auth-bypass	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: VulnCheck

Published: 2023-10-10T14:14:04.657Z

Updated: 2023-10-10T14:14:04.657Z

Reserved: 2023-04-18T10:31:45.963Z

Link: CVE-2023-30803

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-10T15:15:09.957

Modified: 2023-10-13T14:59:30.843

Link: CVE-2023-30803

JSON object: View

Redhat Information

No data.

CWE

CWE-290

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-30803", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2023-04-18T10:31:45.963Z", "datePublished": "2023-10-10T14:14:04.657Z", "dateUpdated": "2023-10-10T14:14:04.657Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "Net-Gen Application Firewall", "vendor": "Sangfor", "versions": [{"status": "affected", "version": "8.0.17"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "watchTowr Labs"}, {"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "watchTowr Labs"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can bypass authentication and access administrative functionality by sending HTTP requests using a crafted Y-forwarded-for header.<br></div>"}], "value": "The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can bypass authentication and access administrative functionality by sending HTTP requests using a crafted Y-forwarded-for header.\n\n\n"}], "impacts": [{"capecId": "CAPEC-21", "descriptions": [{"lang": "en", "value": "CAPEC-21: Exploitation of Trusted Identifiers"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-290", "description": "CWE-290: Authentication Bypass by Spoofing", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2023-10-10T14:14:04.657Z"}, "references": [{"tags": ["third-party-advisory", "exploit", "technical-description"], "url": "https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/"}, {"tags": ["third-party-advisory"], "url": "https://vulncheck.com/advisories/sangfor-ngaf-auth-bypass"}, {"tags": ["product"], "url": "https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4"}], "source": {"discovery": "UNKNOWN"}, "title": "Sangfor Next-Gen Application Firewall Authentication Bypass", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sangfor:next-gen_application_firewall:8.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "CBC7AFA9-F1A0-42C2-AC34-DB6465E81A7F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can bypass authentication and access administrative functionality by sending HTTP requests using a crafted Y-forwarded-for header.\n\n\n"}, {"lang": "es", "value": "La versi\u00f3n NGAF8.0.17 del Sangfor Next-Gen Application Firewall est\u00e1 afectada por una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n. Un atacante remoto y no autenticado puede omitir la autenticaci\u00f3n y acceder a la funcionalidad administrativa enviando solicitudes HTTP utilizando un encabezado Y-forward-for manipulado."}], "id": "CVE-2023-30803", "lastModified": "2023-10-13T14:59:30.843", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2023-10-10T15:15:09.957", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://vulncheck.com/advisories/sangfor-ngaf-auth-bypass"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-290"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-290"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}