CVE-2023-30802

MEDIUM

Sangfor NGAF 8.0.17 - Info Disclosure

Title source: llm

Description

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field.

References (3)

[Exploit, Third Party Advisory] https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/

[Third Party Advisory] https://vulncheck.com/advisories/sangfor-ngaf-source

[Product] https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4

Scores

CVSS v3 5.3

EPSS 0.0013

EPSS Percentile 31.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-540 CWE-668

Status published

Products (1)

sangfor/next-gen_application_firewall 8.0.17

Published Oct 10, 2023

Tracked Since Feb 18, 2026