Vulnerability Description
SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated remote attacker can exploit this flaw to obtain sensitive information, including user identifiers and configuration details, by sending crafted requests to the vulnerable endpoint. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-06-18 UTC.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nsfocusglobal | Secgate3600 Firmware | - |
| Nsfocusglobal | Secgate3600 | - |
Related Weaknesses (CWE)
References
- https://github.com/jjjj1029056414/selfpoc/blob/main/wangshen-SecGate3600-informaExploit
- https://nsfocusglobal.com/products/next-gen-firewall-2/Product
- https://www.vulncheck.com/advisories/secgate3600-firewall-info-discThird Party Advisory
- https://www.vulncheck.com/advisories/secgate3600-firewall-info-discThird Party Advisory
FAQ
What is CVE-2023-7308?
CVE-2023-7308 is a vulnerability with a CVSS score of 7.5 (HIGH). SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fail...
How severe is CVE-2023-7308?
CVE-2023-7308 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-7308?
Check the references section above for vendor advisories and patch information. Affected products include: Nsfocusglobal Secgate3600 Firmware, Nsfocusglobal Secgate3600.