CVE-2023-46964 in Next Generation FireWall SG-6000-e3960info

Summary

by MITRE • 11/05/2023

Cross Site Scripting (XSS) vulnerability in Hillstone Next Generation FireWall SG-6000-e3960 v.5.5 allows a remote attacker to execute arbitrary code via the use front-end filtering instead of back-end filtering.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 02/18/2026

The CVE-2023-46964 vulnerability represents a critical cross site scripting flaw within the Hillstone Next Generation Firewall SG-6000-e3960 version 5.5, demonstrating a fundamental security weakness in the device's input validation mechanisms. This vulnerability specifically manifests when the firewall employs front-end filtering processes rather than implementing robust back-end validation controls, creating a pathway for malicious actors to inject harmful scripts into the system. The flaw resides in the firewall's web-based management interface where user inputs are not properly sanitized before being processed or displayed, allowing attackers to manipulate the system through carefully crafted malicious payloads.

The technical implementation of this vulnerability stems from the inconsistent security controls between the front-end and back-end processing layers of the firewall's web interface. When front-end filtering is enabled, the system relies on client-side validation which can be easily bypassed or disabled by attackers. This creates a dangerous scenario where malicious scripts can be executed in the context of the victim's browser session, potentially leading to unauthorized access to administrative functions or data exfiltration. The vulnerability is classified as a CWE-79: Cross-Site Scripting, which represents one of the most prevalent and dangerous web application security flaws in the industry. The ATT&CK framework categorizes this under T1566.001: Phishing, as the attack vector leverages the web interface to deliver malicious payloads to unsuspecting users.

The operational impact of this vulnerability extends beyond simple script execution, as it provides attackers with a potential foothold for more sophisticated attacks within the network infrastructure. An attacker who successfully exploits this vulnerability could gain access to the firewall's administrative interface, potentially allowing them to modify firewall rules, disable security features, or establish persistent access points within the network. The remote nature of the attack means that threat actors do not require physical access to the device or network, making the vulnerability particularly concerning for organizations that rely on web-based management interfaces for their security infrastructure. This flaw could enable attackers to escalate privileges and gain deeper access to the protected network segments, effectively compromising the firewall's primary security function.

Organizations should immediately implement mitigations including disabling front-end filtering mechanisms and enforcing strict back-end validation controls to prevent the exploitation of this vulnerability. The recommended approach involves ensuring that all user inputs are properly sanitized and validated on the server-side before being processed or displayed. Security teams should also consider implementing additional monitoring and detection measures to identify potential exploitation attempts, particularly focusing on unusual patterns of web interface access or script execution. The firewall vendor should be consulted for official patches or workarounds, as this vulnerability represents a critical security gap that could be exploited by threat actors with basic web application attack knowledge. Regular security assessments and penetration testing should be conducted to identify similar weaknesses in other network security devices and web applications within the organization's infrastructure.

Reservation

10/30/2023

Disclosure

11/05/2023

Moderation

accepted

CPE

ready

EPSS

0.00550

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!