Home
Product
Product

Delivering high value, high performance and high experience cutting edge technology products to customers worldwide
CLICK MORE
- SMS
- PAM
- EPV
- DIM
- DBXPEXT
- DAF
- NGDAP
- NGWAF
- DDM
- iLOG
- iSIEM
Solution
Solution

Bringing an efficient, green and innovative Solution and application experience to the world
CLICK MORE
- Operator
- Finance
- Energy
- Medicine
- Government
- Internet
- Educational
- Enterprises
Support
Support

Bringing professional, timely and personalised security services and technical support to customers worldwide
CLICK MORE
Channel
Channel

To provide a win-win, honest and innovative cooperation platform for global partners
CLICK MORE
Video
About Us
About Us

Vertical specialisation Continuous innovation Unique craftsmanship
CLICK MORE

中文

Home
Product

SMS PAM EPV DIM DBXPEXT DAF NGDAP NGWAF DDM iLOG iSIEM
Solution

Operator Finance Energy Medicine Government Internet Educational Enterprises
Support

Security research Security services Training After-sales service
Channel

Cooperation Channel Policy Process
Video
About Us

Company Profile Corporate Culture Qualification News Media Recruit Contact Us
Fund

Social welfare Educational public welfare

Security research

Hanwu Safety Laboratory

Vulnerability warning

Security Bulletin

deeply convinced of SSL VPN command injection vulnerability

0x00 Vulnerability number

Not yet

0x01 Hazard level

high-risk

0x02 Vulnerability overview

Deeply convinced that there is an injection vulnerability in URL parameters in an interface of SSL VPN products, an attacker can use this vulnerability to obtain control rights of SSL VPN devices.

0x03 version affected

SSL VPN <= 7.6.7

SSL VPN <= 7.6.7

0x04 repair suggestions

At present, the vulnerability repair version has been officially released. The download address for security status query is:

https://www.sangfor.com.cn/technical-support-and-service/security-centre/sec-check

下一条：Advantech iView SQL injection ...Previous：git lab Remote Code Execution ...

Return