← Voltar para CVEs

CVE-2023-7308

HIGH

7.5

Descricao

SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated remote attacker can exploit this flaw to obtain sensitive information, including user identifiers and configuration details, by sending crafted requests to the vulnerable endpoint. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-06-18 UTC.

Detalhes CVE

Pontuacao CVSS v3.17.5

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado8/27/2025

Ultima modificacao11/20/2025

Fontenvd

Avistamentos honeypot0

Produtos afetados

nsfocusglobal:secgate3600nsfocusglobal:secgate3600_firmware

Fraquezas (CWE)

CWE-306CWE-306

Referencias

https://github.com/jjjj1029056414/selfpoc/blob/main/wangshen-SecGate3600-information-leakage.py(disclosure@vulncheck.com)

https://nsfocusglobal.com/products/next-gen-firewall-2/(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/secgate3600-firewall-info-disc(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/secgate3600-firewall-info-disc(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.