Description

The Sangfor NGAF has an authentication bypass vulnerability. An attacker can bypass the authentication with a specially crafted HTTP request and get access to the system.

Remediation

Upgrade to the latest version of Sangfor NGAF

References

Yet More Unauth Remote Command Execution Vulns in Firewalls - Sangfor Edition

Related Vulnerabilities

WordPress Plugin Battle Suit for Divi Security Bypass (1.10.1)

WordPress Plugin Advanced Custom Fields (ACF) Security Bypass (5.12)

WordPress Plugin YITH WooCommerce Advanced Reviews Security Bypass (1.3.9)

WordPress Plugin Mobile Booster Security Bypass (1.0)

WordPress Plugin Catch Scroll Progress Bar Security Bypass (1.5)

Severity

High

Classification

CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Authentication Bypass