By kannthu
The "Sangfor EDR 3.2.17R1/3.2.21 - Remote Code Execution" module is designed to detect a critical vulnerability in the Sangfor EDR software versions 3.2.17R1 and 3.2.21. This vulnerability allows remote unauthenticated users to execute arbitrary commands on the target system. The severity of this vulnerability is classified as critical.
This module was authored by pikpikcu.
If successfully exploited, this vulnerability can lead to unauthorized remote code execution on the target system. Attackers can leverage this to gain full control over the affected system, potentially compromising sensitive data, disrupting operations, or launching further attacks.
The module sends an HTTP POST request to the "/api/edr/sangforinter/v2/cssp/slog_client" endpoint with a specific token. It then applies two matching conditions to determine if the vulnerability is present:
If both conditions are met, the module reports the vulnerability.
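A defender-side counterpart to the request described above, as an added example that is not part of the Vidoc module or the original page: it scans web access logs for POST requests to the endpoint the module targets. The Combined Log Format, the function names and the sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from posixpath import normpath
from urllib.parse import unquote

# Endpoint the page names as the target of the module's POST request.
ENDPOINT = "/api/edr/sangforinter/v2/cssp/slog_client"

# Assumption: a web server or reverse proxy in front of the EDR console
# writes access logs in Combined Log Format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def canonical_path(target):
    """Drop the query string, percent-decode, collapse //, ./ and ../."""
    path = unquote(target.split("?", 1)[0])
    # Lower-casing is a deliberately broad choice: it may over-match, not miss.
    return normpath("/" + path.lstrip("/")).lower()

def find_probes(lines):
    """Return {source_ip: [(timestamp, status), ...]} for POSTs to ENDPOINT."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if canonical_path(m["target"]) == ENDPOINT:
            hits[m["ip"]].append((m["ts"], int(m["status"])))
    return dict(hits)

# Constructed sample lines (documentation-range addresses, made-up timestamps).
SAMPLE = [
    '198.51.100.7 - - [10/Sep/2020:08:14:02 +0000] "POST /api/edr/sangforinter/v2/cssp/slog_client HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.9 - - [10/Sep/2020:08:15:40 +0000] "POST //api/edr/sangforinter/v2/cssp/%73log_client?a=1 HTTP/1.1" 404 153 "-" "-"',
    '192.0.2.44 - - [10/Sep/2020:08:16:01 +0000] "GET /api/edr/sangforinter/v2/cssp/slog_client HTTP/1.1" 405 0 "-" "-"',
    '192.0.2.44 - - [10/Sep/2020:08:16:05 +0000] "POST /index.html HTTP/1.1" 200 1024 "-" "-"',
]

if __name__ == "__main__":
    for ip, events in find_probes(SAMPLE).items():
        print(ip, events)
```

A hit only shows that the endpoint was requested; the response status and the host's patch level still need to be checked to tell a scan from a successful exploit.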
For more information, you can refer to the following reference: https://www.cnblogs.com/0day-li/p/13650452.html
Content-Type: application/x-www-fo...