Joining a VPN does not require administrator access; a malicious party hosting any openconnect server can redirect the host's network traffic over via their own server.
This vulnerability is executed by…simply logging into their own server.
The same preconditions apply as to #113. Note that hosting a global protect server is not necessary, if commands are sent directly to the DBUS service. In this case, hosting any openconnect supported VPN server will suffice.
Proposed Fix
See #113 as both vulnerabilities have the same fix.
The text was updated successfully, but these errors were encountered:
Joining a VPN does not require administrator access; a malicious party hosting any openconnect server can redirect the host's network traffic over via their own server.
This vulnerability is executed by…simply logging into their own server.
The same preconditions apply as to #113. Note that hosting a global protect server is not necessary, if commands are sent directly to the DBUS service. In this case, hosting any openconnect supported VPN server will suffice.
Proposed Fix
See #113 as both vulnerabilities have the same fix.
The text was updated successfully, but these errors were encountered: