|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-05-06 | |
| Rule Name: | Sangfor SSL VPN checkurl.csp Remote Code Execution Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Sangfor SSL VPN is a VPN technology that realizes remote access by relying on the solution technology provided by the company to solve remote user access to sensitive company data. Sangfor SSL VPN's checkurl.csp interface has a command injection vulnerability. An attacker can use this vulnerability to arbitrarily execute code on the server side and obtain the server permissions. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |