CVE-2023-7308
BaseFortify
Publication date: 2025-08-27
Last updated on: 2025-11-20
Assigner: VulnCheck
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nsfocusglobal | secgate3600_firmware | * |
| nsfocusglobal | secgate3600 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the SecGate3600 network firewall product by NSFOCUS. It occurs because the /cgi-bin/authUser/authManageSet.cgi endpoint does not enforce authentication checks on POST requests. This allows an unauthenticated remote attacker to send specially crafted requests to this endpoint and retrieve sensitive information such as user identifiers and configuration details.
How can this vulnerability impact me?
The vulnerability can lead to sensitive information disclosure. An attacker who exploits this flaw can obtain user identifiers and configuration details without authentication, potentially compromising the security of the network firewall and exposing critical internal information.