CVE-2023-7308

Name: CVE-2023-7308
Creator: NVD / NIST
Published: 2025-08-27T22:15:32.733+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.7/10EPSS 6.71%

Last modified Jun 17, 2026

CVE-2023-7308 is a high-severity vulnerability rated 8.7/10 on the CVSS scale. SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. EPSS estimates a 6.71% chance of exploitation in the next 30 days.

Description

SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated remote attacker can exploit this flaw to obtain sensitive information, including user identifiers and configuration details, by sending crafted requests to the vulnerable endpoint. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-06-18 UTC.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS 4.0

8.7/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

6.71%

93.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Nsfocusglobal	Secgate3600 Firmware	All versions

References

https://github.com/jjjj1029056414/selfpoc/blob/main/wangshen-SecGate3600-information-leakage.pyExploit
https://nsfocusglobal.com/products/next-gen-firewall-2/Product
https://www.vulncheck.com/advisories/secgate3600-firewall-info-discThird Party Advisory
https://www.vulncheck.com/advisories/secgate3600-firewall-info-discThird Party Advisory

Timeline

Published: Aug 27, 2025
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-7308?

How severe is CVE-2023-7308?

CVE-2023-7308 has a CVSS score of 8.7/10 (HIGH severity). The EPSS model estimates a 6.71% probability of exploitation in the next 30 days.

How do I fix CVE-2023-7308?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-7308?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST