Vulnerabilities > CVE-2023-30804 - Unspecified vulnerability in Sangfor Next-Gen Application Firewall 8.0.17
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpn_html/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated attacker when paired with CVE-2023-30803.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4
- https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/
- https://vulncheck.com/advisories/sangfor-ngaf-auth-file-disclosure
- https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4
- https://vulncheck.com/advisories/sangfor-ngaf-auth-file-disclosure
- https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/