CVE-2023-7308

SecGate3600 Firewall Information Disclosure via authManageSet.cgi

CVSS 8.7 HIGHEPSS 6.7%CWE-306

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.7EPSS 6.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

27 ago 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated remote attacker can exploit this flaw to obtain sensitive information, including user identifiers and configuration details, by sending crafted requests to the vulnerable endpoint. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-06-18 UTC.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Produtos afetados

NSFOCUS · SecGate3600 Firewall

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/jjjj1029056414/selfpoc/blob/main/wangshen-SecGate3600-information-leakage.py https://nsfocusglobal.com/products/next-gen-firewall-2/https://www.vulncheck.com/advisories/secgate3600-firewall-info-disc