Blast from The Past

Introduction

The following CVEs affect the VPN:

• CVE-2019-11510 - Pre-auth Arbitrary File Reading
• CVE-2019-11542 - Post-auth Stack Buffer Overflow
• CVE-2019-11539 - Post-auth Command Injection
• CVE-2019-11538 - Post-auth Arbitrary File Reading
• CVE-2019-11508 - Post-auth Arbitrary File Writing
• CVE-2019-11540 - Post-auth Session Hijacking

Does 'nuclei' have these CVEs?

It DOES! Here it is!

That's amazing. Looks like we could have found this if we just ran nuclei on the target.

Unfortunately, the Department of Defense (DoD) bug bounty program redacts the affected endpoints. Therefore, there's no way to know which endpoint it was.

Maybe, we could leverage Shodan?