CVE-2023-30804

Published: Oct 10, 2023Modified: Nov 28, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpn_html/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated attacker when paired with CVE-2023-30803.

Affected (1)

Products: Sangfor: Next Gen Application Firewall

1 product

Next Gen Application Firewall

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sangfor Next Gen Application Firewall	Version 8.0.17

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4

Source: disclosure@vulncheck.com

Product

https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/

Source: disclosure@vulncheck.com

ExploitThird Party Advisory

https://vulncheck.com/advisories/sangfor-ngaf-auth-file-disclosure

Source: disclosure@vulncheck.com

Third Party Advisory

https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://vulncheck.com/advisories/sangfor-ngaf-auth-file-disclosure

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.