Description

The Sangfor NGAF has an authentication bypass vulnerability. An attacker can bypass the authentication with a specially crafted HTTP request and get access to the system.

Remediation

Upgrade to the latest version of Sangfor NGAF

References

Yet More Unauth Remote Command Execution Vulns in Firewalls - Sangfor Edition

Related Vulnerabilities

WordPress Plugin Job Manager Security Bypass (0.7.25)

WordPress Plugin CardGate Payments for WooCommerce Security Bypass (3.1.15)

WordPress Plugin YITH WooCommerce Product Bundles Security Bypass (1.1.15)

Drupal Core 5.x Multiple Security Bypass Vulnerabilities (5.0 - 5.10)

WordPress Plugin Maps Widget for Google Maps-Google Maps Builder Security Bypass (4.16)

Severity

High

Classification

CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Authentication Bypass