CVE-2022-22908

MEDIUM

Sangfor Vdi Client - Insufficiently Protected Credentials

Title source: rule

Description

SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, when they are able to read process memory, to discover the contents of the Username and Password fields.

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/NF-Security-Team/CVEs/tree/main/CVE-2022-22908

View Exploit ZIP pw:eip

Scores

CVSS v3 5.5

EPSS 0.0005

EPSS Percentile 16.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-522

Status published

Products (1)

sangfor/vdi_client 5.4.2.1006

Published Feb 26, 2022

Tracked Since Feb 18, 2026