← Zuruck zu CVEs

CVE-2023-7308

HIGH

7.5

Beschreibung

SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated remote attacker can exploit this flaw to obtain sensitive information, including user identifiers and configuration details, by sending crafted requests to the vulnerable endpoint. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-06-18 UTC.

CVE Details

CVSS v3.1 Bewertung7.5

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht8/27/2025

Zuletzt geandert11/20/2025

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

nsfocusglobal:secgate3600nsfocusglobal:secgate3600_firmware

Schwachen (CWE)

CWE-306CWE-306

Referenzen

https://github.com/jjjj1029056414/selfpoc/blob/main/wangshen-SecGate3600-information-leakage.py(disclosure@vulncheck.com)

https://nsfocusglobal.com/products/next-gen-firewall-2/(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/secgate3600-firewall-info-disc(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/secgate3600-firewall-info-disc(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.