Attacking SSL VPN - Part 3: The Golden Pulse Secure SSL VPN RCE Chain, with Twitter as Case Study!
Tags
country: China
attack-pattern: Data Model Exploits - T1587.004 Exploits - T1588.005 Javascript - T1059.007 Multi-Factor Authentication - T1556.006 Server - T1583.004 Server - T1584.004 Ssh - T1021.004 Vulnerabilities - T1588.006 Connection Proxy - T1090 Scripting - T1064 Scripting
Show in Graph
Common Information
Type Value
UUID bce8e808-d128-43da-8a8e-2cd53feebc13
Fingerprint 8e78cd40aca127cd
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 2, 2019, 11:04 p.m.
Added to db Feb. 18, 2023, 1:16 a.m.
Last updated Nov. 17, 2024, 6:53 p.m.
Headline Orange
Title Attacking SSL VPN - Part 3: The Golden Pulse Secure SSL VPN RCE Chain, with Twitter as Case Study!
Detected Hints/Tags/Attributes 83/2/18
Source URLs
Redirection Url
Details Source https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html
URL Provider
Details Provider Source level domain
Details orange.tw blog.orange.tw
Attributes
Details Type #Events CTI Value
Details CVE 150 
cve-2018-13379
Details CVE 128 
cve-2019-11510
Details CVE 15 
cve-2019-11539
Details CVE 4 
cve-2019-11542
Details CVE 4 
cve-2019-11538
Details CVE 4 
cve-2019-11508
Details CVE 4 
cve-2019-11540
Details CVE 3 
cve-2019-11507
Details Domain 2 
dshc.so
Details Domain 2 
dssafe.pm
Details Domain 2 
dssfafe.pm
Details File 4 
malicious.html
Details File 6 
window.doc
Details Url 2 
http://attacker/malicious.html
Details Url 2 
https://sslvpn/dana/cs/cs.cgi?action=appletobj
Details Url 2 
https://sslvpn/dana/home/cts_get_ica.cgi
Details Url 2 
https://sslvpn/dana-admin/auth/hc.cgi
Details Url 2 
https://sslvpn/dana-na/auth/setcookie.cgi