CVE-2020-12828

Published: 21/05/2020 Updated: 02/06/2020
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

An issue exists in AnchorFree VPN SDK prior to 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path where a malicious executable file resides leads to executing the malicious executable file with SYSTEM privileges.

Vulnerable Product

pango virtual private network software development kit

Github Repositories

CVE-2020-12828 PoC and Analysis.

ZombieVPN: This repo contains everything you need to know about CVE-2020-12828

Recent Articles

Make sure you've patched your F5 BIG-IP gear. Exploit code for scary bug is so trivial, it fits in a tweet
The Register • Shaun Nichols in San Francisco • 06 Jul 2020

Plus: What? No. No way. People would just do that? Go on Tor and use it to commit crimes?

In Brief Exploit code for a nasty vulnerability in F5 Networks' BIG-IP application delivery controllers is now doing the rounds, so make sure you're all patched up. Miscreants are scanning the internet for machines to attack, judging from reports by infosec bods running honeypots. Any vulnerable kit facing the 'net is likely to be probed at some point this week, if not already, to see if it can be hijacked. The flaw in question, CVE-2020-5902, lies within the controllers' Traffic Management User...