← Retour aux CVEs

CVE-2023-7308

HIGH

7.5

Description

SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated remote attacker can exploit this flaw to obtain sensitive information, including user identifiers and configuration details, by sending crafted requests to the vulnerable endpoint. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-06-18 UTC.

Details CVE

Score CVSS v3.17.5

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie8/27/2025

Derniere modification11/20/2025

Sourcenvd

Observations honeypot0

Produits affectes

nsfocusglobal:secgate3600nsfocusglobal:secgate3600_firmware

Faiblesses (CWE)

CWE-306CWE-306

References

https://github.com/jjjj1029056414/selfpoc/blob/main/wangshen-SecGate3600-information-leakage.py(disclosure@vulncheck.com)

https://nsfocusglobal.com/products/next-gen-firewall-2/(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/secgate3600-firewall-info-disc(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/secgate3600-firewall-info-disc(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.