Dhananjayasj/RRAS-VULNERABILITY-CVE-2026-25172-CVE-2026-25173-CVE-2026--26111

GitHub: Dhananjayasj/RRAS-VULNERABILITY-CVE-2026-25172-CVE-2026-25173-CVE-2026--26111

Stars: 0 | Forks: 0

# Windows 11 RRAS Vulnerability Simulation Lab (CVE-2026-25172, CVE-2026-25173, CVE-2026-26111)

## 📋 Overview

This lab simulates three high-severity vulnerabilities in the Routing and Remote Access Service (RRAS) management tool (CVE-2026-25172, CVE-2026-25173, CVE-2026-26111). The attack is client-side: an authenticated domain user or an administrator is tricked into pointing the RRAS management console at an attacker-controlled server, which can crash the console (**denial of service, DoS**) or achieve **remote code execution (RCE)** on the machine running it.

| Vulnerability  | CVSS Score | Severity |
|----------------|------------|----------|
| CVE-2026-25172 | 8.8        | High     |
| CVE-2026-25173 | 8.0        | High     |
| CVE-2026-26111 | 8.0        | High     |

**Lab Components**

- **Attacker Machine**: Kali Linux (simulates the malicious RRAS server)
- **Victim Machine**: Windows 11 24H2 or 25H2, **unpatched**: build below `26100.7982` (24H2) or `26200.7982` (25H2)
- **Network**: Isolated host-only virtual network (no internet access)

## 🧱 Step 1 – Lab Environment Setup

### 1.1 Create an Isolated Virtual Network

- In your hypervisor (VMware/VirtualBox), create a **host-only** adapter (e.g. `vboxnet0`, `VMnet2`).
- Assign static IP addresses:
  - Attacker (Kali): `192.168.100.10/24`
  - Victim (Win11): `192.168.100.20/24`
- Verify connectivity: `ping 192.168.100.10` from Win11, and `ping 192.168.100.20` from Kali. If the ping to the Windows host fails, Windows Defender Firewall is most likely dropping inbound ICMPv4 echo requests (the default on the Public profile, which a new host-only network is usually assigned to); enable the "File and Printer Sharing (Echo Request - ICMPv4-In)" rule or switch the adapter to the Private profile.

### 1.2 Prepare Victim Machine (Windows 11)

1. **Check build & patch status** (PowerShell as Admin):

   ```powershell
   # Is the fixing update already installed? (no output = not installed)
   # Note: Get-HotFix reads Win32_QuickFixEngineering, which does not reliably
   # list cumulative updates, so also confirm the build number below.
   Get-HotFix | Where-Object {$_.HotFixID -eq "KB5084597"}

   # Prints Major.Minor.Build only (e.g. 10.0.26100); the revision (UBR) that
   # distinguishes 26100.7982 from an earlier 26100.x build is not shown here.
   [System.Environment]::OSVersion.Version
   ```
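Because `[System.Environment]::OSVersion.Version` omits the update revision, the reliable way to decide whether the victim is below the fixed build is to read `CurrentBuildNumber` and `UBR` from the registry and compare them with the thresholds above. The following script is an added example, not part of this repository's lab files: the registry path and value names are standard Windows, while the function name and the threshold table (24H2 = 26100.7982, 25H2 = 26200.7982, taken from the Overview) are this example's own assumptions.

```powershell
# Added example (not part of the original lab): classify this host against the
# fixed builds quoted in the README (24H2 = 26100.7982, 25H2 = 26200.7982).
# The registry path/value names are standard Windows; the function name and
# the $FixedRevision table are assumptions of this example.
$FixedRevision = @{ 26100 = 7982; 26200 = 7982 }   # CurrentBuild -> first patched UBR

function Get-RrasLabPatchState {
    $cv    = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber          # e.g. 26100 (24H2) or 26200 (25H2)
    $ubr   = [int]$cv.UBR                         # Update Build Revision, e.g. 7982
    $full  = "$build.$ubr"

    if (-not $FixedRevision.ContainsKey($build)) {
        # Not a 24H2/25H2 build; the README's thresholds do not apply.
        $fixed = 'n/a'
        $state = 'Not 24H2/25H2 - outside lab scope'
    }
    else {
        $fixed = "$build.$($FixedRevision[$build])"
        if ($ubr -ge $FixedRevision[$build]) {
            $state = 'Patched - unsuitable as victim'
        }
        else {
            $state = 'Unpatched - suitable as victim'
        }
    }

    [pscustomobject]@{
        DisplayVersion = $cv.DisplayVersion       # e.g. 24H2
        Build          = $full                    # e.g. 26100.7000
        FixedBuild     = $fixed                   # first patched build for this branch
        State          = $state
    }
}

Get-RrasLabPatchState | Format-List
```

Run it in the same elevated PowerShell session as the checks above; a `State` of `Unpatched - suitable as victim` confirms the machine meets the lab's precondition, whereas `Patched` means the update (KB5084597 or a later cumulative update) is already installed and the simulation will not reproduce the issue.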