Sangfor is a Chinese network security company that provides services such as hyper-convergence, distributed storage, private cloud, desktop cloud, managed cloud, edge computing, VPN and more.
Its aTrust product has a privilege escalation vulnerability.
Official website: https://www.sangfor.com.cn/sangfor-security/atrust
Version: V2.3.10.60 (latest)
aTrust is Sangfor's VPN system. Its default installation path is:
C:\Program Files (x86)\Sangfor\aTrust
Users can access this folder, while administrators have full control permissions on it.
When the software is launched, it starts a service that runs with SYSTEM privileges.
Software ownership
When the software runs, it loads a DLL named MSASN1.dll. A malicious MSASN1.dll can be placed in the relevant directory to complete the privilege escalation.
Writing a malicious DLL using Visual Studio
After restarting the device, the privilege escalation was found to be successful.
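
A defender-side check for the condition described above, as an added example that is not part of the original advisory or of Sangfor's code: it lists directories under the install path that principals other than SYSTEM, Administrators or TrustedInstaller can write to, and any copy of MSASN1.dll inside the tree together with its Authenticode status. The function names and the trusted-SID list are assumptions of this example.

```powershell
# Added defensive check (not vendor code). Install path and DLL name are from the page.
$InstallDir = 'C:\Program Files (x86)\Sangfor\aTrust'
$DllName    = 'MSASN1.dll'

# Assumption: only SYSTEM, Administrators and TrustedInstaller should hold write access.
$TrustedSids = @('S-1-5-18', 'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464')

function Test-WriteRight {
    param([System.Security.AccessControl.FileSystemAccessRule]$Rule)
    # Inherit-only ACEs (e.g. CREATOR OWNER) do not apply to the directory itself.
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    if ($Rule.AccessControlType -ne 'Allow' -or $Rule.PropagationFlags.HasFlag($inheritOnly)) { return $false }
    # WriteData/CreateFiles 0x2, AppendData 0x4, GENERIC_ALL 0x10000000, GENERIC_WRITE 0x40000000
    $mask = 0x2 -bor 0x4 -bor 0x10000000 -bor 0x40000000
    return (([int]$Rule.FileSystemRights -band $mask) -ne 0)
}

function Get-HijackExposure {
    param([string]$Path, [string]$Dll)
    # 1. Directories in the install tree that an unexpected principal can write into.
    $dirs = @(Get-Item -LiteralPath $Path) +
            @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -ErrorAction SilentlyContinue)
    foreach ($dir in $dirs) {
        foreach ($rule in (Get-Acl -LiteralPath $dir.FullName).Access) {
            if (-not (Test-WriteRight $rule)) { continue }
            try { $sid = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
            catch { $sid = $rule.IdentityReference.Value }
            if ($TrustedSids -notcontains $sid) {
                [pscustomobject]@{ Finding = 'WritableDirectory'; Path = $dir.FullName
                                   Detail  = "$($rule.IdentityReference): $($rule.FileSystemRights)" }
            }
        }
    }
    # 2. Copies of the DLL inside the tree; the genuine Windows file lives in the system directory.
    Get-ChildItem -LiteralPath $Path -Filter $Dll -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{ Finding = 'DllInAppDirectory'; Path = $_.FullName
                               Detail  = "Signature=$($sig.Status); Signer=$($sig.SignerCertificate.Subject)" }
        }
}

if (Test-Path -LiteralPath $InstallDir) {
    Get-HijackExposure -Path $InstallDir -Dll $DllName | Format-Table -AutoSize -Wrap
}
```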