Description

The Sangfor NGAF has an authentication bypass vulnerability. An attacker can bypass the authentication with a specially crafted HTTP request and get access to the system.

Remediation

Upgrade to the latest version of Sangfor NGAF

References

Yet More Unauth Remote Command Execution Vulns in Firewalls - Sangfor Edition

Related Vulnerabilities

Drupal Core 9.3.x Security Bypass (9.3.0 - 9.3.8)

WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors Security Bypass (3.0.7)

WordPress Plugin Stock Ticker Security Bypass (3.23.0)

WordPress Plugin CMS Tree Page View Security Bypass (1.3.4)

Misfortune Cookie vulnerability

Severity

High

Classification

CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Authentication Bypass