10
CVSSv2

CVE-2020-12828

Published: 21/05/2020 Updated: 02/06/2020
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

An issue exists in AnchorFree VPN SDK prior to 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path where a malicious executable file resides leads to executing the malicious executable file with SYSTEM privileges.

Vulnerability Trend

Github Repositories

Branch: master Go to file Clone Clone with HTTPS Use Git or checkout with SVN using the web URL. Download ZIP Downloading Want to be notified of new releases in 0xsha/ZombieVPN? Sign in Sign up Launching GitHub Desktop If nothing happens, download GitHub Desktop and try again. Go back Launching GitHub Desktop If nothing happens, download GitHub Desktop and try again. Go back Launching Xcode If nothing happens, download Xcode and try again. Go back Launching Visual Studio If nothing happens, download the GitHub extension for Visual Studio and try again. Go back Latest commit 0xsha committed caf82ff 23 minutes ago … first/last? commit Git stats 5 commits 1 branch 0 tags Files Permalink Failed to load latest commit information. Type Name Latest commit message Commit time CVE-2020-12828.mp4 first/last? commit 23 minutes ago CVE-2020-12828.py first/last? commit 23 minutes ago LICENSE Initial commit 1 hour ago README.md first/last? commit 38 minutes ago ZombieVPN.pdf first/last? commit 39 minutes ago ZombieVPN.png first/last? commit 39 minutes ago View code README.md ZombieVPN This repo contains everything you need to know about CVE-2020-12828 About CVE-2020-12828 PoC and Analysis. Topics bugbounty cve cve-2020-12828 vulnerability writeup poc Resources Readme License MIT License Releases No releases published Languages Python 100.0%

Recent Articles

The Register

In Brief Exploit code for the pair of nasty vulnerabilities in F5 Networks' BIG-IP application delivery controllers is now doing the rounds, so make sure you're all patched up.
Miscreants are scanning the internet for machines to attack, judging from reports by infosec bods running honeypots. Any vulnerable kit facing the 'net is likely to be probed at some point this week, if not already, to see if it can be hijacked.
The flaws in question, CVE-2020-5902 and CVE-2020-5903, lie withi...