Описание
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to mishandling of shell meta-characters in the PHPSESSID cookie.
Ссылки
- Product
- ExploitThird Party Advisory
- Third Party Advisory
- Product
- ExploitThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
EPSS
9.8 Critical
CVSS3
Дефекты
Связанные уязвимости
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to mishandling of shell meta-characters in the PHPSESSID cookie.
Уязвимость файла cgi-bin/login.cgi средства межсетевого экранирования Sangfor NGAF, позволяющая нарушителю выполнить произвольный код
EPSS
9.8 Critical
CVSS3