CVE-2020-12828

Published: May 21, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path where a malicious executable file resides leads to executing the malicious executable file with SYSTEM privileges.

Affected (1)

Products: Pango: Virtual Private Network Software Development Kit

1 product

Virtual Private Network Software Development Kit

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pango Virtual Private Network Software Development Kit	Before 1.3.3.218

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://www.pango.co/sec31944/

Source: cve@mitre.org

Vendor Advisory

https://www.pango.co/sec31944/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.