On August 17, 2020, a Chinese researcher discovered a remote command execution vulnerability in the Chinese version of Sangfor’s Endpoint Secure Manager. In China, the product is known as Sangfor Endpoint Detection Response Platform (EDR). The China National Vulnerability Database (CNVD) assigned the vulnerability the identifier CNVD-2020-46552. This vulnerability can be exploited to remotely execute system commands and gain access to the EDR management platform. This vulnerability exists in Chinese versions of EDR v3.2.16, v3.2.17 and v3.2.19. It has been verified that this problem has been fixed in EDR v3.2.21, released on July 9th, 2020, and Sangfor recommends all Chinese EDR users install or upgrade to v3.2.21 to fix the vulnerability.
The current international versions of Sangfor Endpoint Secure (v3.2.15EN and v3.2.22EN) are not affected, and no users of Sangfor's English versions are impacted.
1. Vulnerability Analysis
Attackers can use this vulnerability to send maliciously constructed HTTP requests to the EDR Manager, thereby gaining elevated permissions and performing remote code execution.
2. Vulnerability Scope
It has been verified that the Chinese versions affected by this vulnerability are:
• EDR v3.2.16
• EDR v3.2.17
• EDR v3.2.19
The latest EDR v3.2.21 version is not affected by this vulnerability.
The current international versions of Endpoint Secure (v3.2.15EN and v3.2.22EN) are not affected.
Sangfor has released both the v3.2.21 version and an upgrade package to v3.2.21. Installing or updating to EDR v3.2.21 will fix the RCE vulnerability as well as other pending issues.
1. Users can install the upgrade package through the online upgrade function. Turning on the online upgrade function will automatically install the package and fix the vulnerability.
2. Users who cannot upgrade online directly can download the upgrade installation package through the following link:
3. After downloading the upgrade installation package, open the EDR management platform and import the package in the system management > upgrade management > platform and terminal upgrade interface. After importing, the management platform and terminal will be automatically upgraded to v3.2.21.
Sangfor Technical Assistance Center (TAC) will actively assist users in completing the EDR version upgrade.
Sangfor recommends that Sangfor EDR users upgrade as soon as possible to prevent exploitation of this vulnerability. If there are any questions or issues during the upgrade process, you can contact the Sangfor Customer Support hotline:
- English Customer Service: +60 12711 7129 (7511)
- Mainland China (Incl. HK & Macau) Customer Service: +86 400 630 6430
4. Sangfor’s Commitment to Security
As an industry-leading cybersecurity provider, Sangfor Technologies maintains an ongoing commitment to customers regarding product excellence. Sangfor takes product security concerns seriously and works to quickly evaluate and address them based on the processes below:
1. Sangfor has established a dedicated product security management committee to ensure product security quality is part of the company’s long-term strategy.
2. Sangfor adheres to industry best practices for Secure Coding and Software Development Lifecycle (SDL), integrated into the Company’s security product development at every stage, ensuring we will discover any security issues before release.
3. Sangfor mandates continuous DevSecOps and Secure Coding training for ALL developers and ensures they have proper security awareness training for product design & development to continuously improve our products.
4. Sangfor leverages industry recognized application security testing and assessment tools during all stages of testing.
5. Sangfor has a dedicated security research & development department with more than 100 developers assigned to product software development teams.
6. Sangfor has established a bug bounty program open to white hat and ethical hackers to help detect vulnerabilities in our security products.
7. Sangfor maintains a dedicated Product Security Incident Response Team (PSIRT) to investigate and review potential vulnerabilities and security flaws in products. The PSIRT will then provide timely publication of guidance and remediation for product vulnerabilities to minimize customer risk.
CNVD announcement details link: