CVE-2023-7308

Sažetak

SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated remote attacker can exploit this flaw to obtain sensitive information, including user identifiers and configuration details, by sending crafted requests to the vulnerable endpoint. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-06-18 UTC.

Reference

https://github.com/jjjj1029056414/selfpoc/blob/main/wangshen-SecGate3600-information-leakage.py
https://nsfocusglobal.com/products/next-gen-firewall-2/
https://www.vulncheck.com/advisories/secgate3600-firewall-info-disc
https://www.vulncheck.com/advisories/secgate3600-firewall-info-disc

CVSS

Base:	7.5
Impact:	3.6
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

20-11-2025 - 18:15

Objavljeno

27-08-2025 - 22:15