A DLL hijacking and privilege escalation vulnerability exists in the BIG-IP Edge Client Windows Installer (CVE-2022-28714 acknowledged to CodeGreen), which was discovered by CodeGreen’s security analysts while engaging in a penetration test for one of the largest BFSI customers in the region.

Check Point SSL VPN Mobile Access Portal Agent suffers from a zero day vulnerability where in a hacker can potentially run an arbitrary application that was placed in a specially created location compromising the security. We have discovered this zero day vulnerability while being engaged in a penetration test with one of the largest regional banks.

F5 BIG-IP APM versions 11.6.1 - 16.0.1 suffer from a session hijack zero day vulnerability (CVE-2021-23002 acknowledged to CodeGreen), which was discovered by CodeGreen’s security analysts while engaging in a penetration test for one of our BFSI customers. This blog demonstrates this vulnerability along with proof-of-concept (PoC) document we submitted to F5 SIRT.