CVSS 3.1 Score 9.8 of 10 (high)


Published Oct 10, 2023
Updated: Oct 13, 2023


CVE-2023-30806 is a vulnerability that affects the Sangfor Next-Gen Application Firewall version NGAF8.0.17. It is a critical vulnerability that allows a remote and unauthenticated attacker to execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This vulnerability occurs due to mishandling of shell meta-characters in the PHPSESSID cookie. The impact of this vulnerability is high, as it has a base severity score of 9.8 out of 10 and can lead to compromise of confidentiality, integrity, and availability of the affected system. To remediate this vulnerability, organizations should apply the necessary patches or updates provided by Sangfor to fix the issue and ensure their firewall is protected from potential attacks exploiting this vulnerability.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-30806 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options