CVE-2020-12828 PoC and Analysis.
ZombieVPN This repo contains everything you need to know about CVE-2020-12828
An issue exists in AnchorFree VPN SDK prior to 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path where a malicious executable file resides leads to executing the malicious executable file with SYSTEM privileges.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pango virtual private network software development kit |
Plus: What? No. No way. People would just do that? Go on Tor and use it to commit crimes?
In Brief Exploit code for a nasty vulnerability in F5 Networks' BIG-IP application delivery controllers is now doing the rounds, so make sure you're all patched up. Miscreants are scanning the internet for machines to attack, judging from reports by infosec bods running honeypots. Any vulnerable kit facing the 'net is likely to be probed at some point this week, if not already, to see if it can be hijacked. The flaw in question, CVE-2020-5902, lies within the controllers' Traffic Management User...