Headline
CVE-2023-30806: AWS Marketplace: Sangfor Next-Gen Application Firewall
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to mishandling of shell meta-characters in the PHPSESSID cookie.
Product Overview
Sangfor NGAF is the world’s first AI-enabled and fully integrated NGFW (Next-Generation Firewall) + WAF (Web Application Firewall) with an all-around protection from all threats powered by innovations such as Neural-X and Engine Zero. It is a truly secured, integrated and simplified firewall solution, providing a holistic overview of the entire organization’s security network, with ease of management for administration, operation & maintenance.
As the IT industry evolves, so does malicious malware like Ransomware, allowing those with insidious intentions access to all our confidential data, financial information, personal information and more. Traditional internet security solutions are becoming obsolete in the face of rapidly evolving malicious software and network security is taking on a more prominent role in the IT industry. With so many security providers out there, how do organizations determine what security solution will keep them secure with the least out of pocket cost and the most comprehensive protection?
Sangfor has researched, designed and developed Sangfor NGAF, an end-to-end comprehensive Enterprise Firewall Protection solution, specially formulated with our users in mind. Sangfor NGAF is an easy-to-use converged security solution designed to protect users from internal, external, existing and future threats and proactively updated regularly to keep your network safe from those with malicious intent.
Operating System
Linux/Unix, Gentoo 2.6.3
Delivery Methods
- Amazon Machine Image
Pricing Information
Usage Information
Support Information
Customer Reviews