← Volver a CVEs
CVE-2023-7308
HIGH7.5
Descripcion
SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated remote attacker can exploit this flaw to obtain sensitive information, including user identifiers and configuration details, by sending crafted requests to the vulnerable endpoint. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-06-18 UTC.
Detalles CVE
Puntuacion CVSS v3.17.5
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado8/27/2025
Ultima modificacion11/20/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
nsfocusglobal:secgate3600nsfocusglobal:secgate3600_firmware
Debilidades (CWE)
CWE-306CWE-306
Referencias
https://github.com/jjjj1029056414/selfpoc/blob/main/wangshen-SecGate3600-information-leakage.py(disclosure@vulncheck.com)
https://nsfocusglobal.com/products/next-gen-firewall-2/(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/secgate3600-firewall-info-disc(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/secgate3600-firewall-info-disc(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.