Description

The Sangfor NGAF has an authentication bypass vulnerability. An attacker can bypass the authentication with a specially crafted HTTP request and get access to the system.

Remediation

Upgrade to the latest version of Sangfor NGAF

References

Yet More Unauth Remote Command Execution Vulns in Firewalls - Sangfor Edition

Related Vulnerabilities

WordPress Plugin Price Commander for WooCommerce Security Bypass (1.2.2)

WordPress Plugin Product Addons & Fields for WooCommerce Security Bypass (23.9)

Drupal Core 8.7.4 Security Bypass (8.7.4)

WordPress Plugin MStore API-Create Native Android & iOS Apps On The Cloud Security Bypass (4.10.7)

WordPress Plugin Tabs-Responsive Tabs with WooCommerce Product Tab Extension Security Bypass (3.6.0)

Severity

High

Classification

CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Authentication Bypass