Sangfor.Next-Gen.Y-Forwarded-For.Authentication.Bypass
Description
This indicates an attack attempt to exploit an Authentication Bypass vulnerability in Sangfor Next-Gen Application Firewall.
The vulnerability is due to an unprotected endpoint hosted on the device. An unauthenticated attacker can send a crafted HTTP request to this page to manipulate authentication parameters on the system which can lead to full system takeover.
Affected Products
Sangfor Next-Gen Application Firewall version NGAF8.0.17
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Currently we are unaware of any vendor supplied patch for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2024-03-18 | 27.750 |