CVE-2018-20193

Published: Dec 21, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631). This occurs because appropriate controls are not performed. Specifically, it is possible for a readonly user to change the administrator user password by making a local copy of the /dana-admin/user/update.cgi page, changing the "user" value, and saving the changes.

Affected (2)

Products: Pulsesecure: Secure Access Series Ssl Vpn Sa 4000

1 product

Secure Access Series Ssl Vpn Sa 4000

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Pulsesecure Secure Access Series Ssl Vpn Sa 4000	Version 4.2
Pulsesecure Secure Access Series Ssl Vpn Sa 4000	Version 5.1r5

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

http://seclists.org/fulldisclosure/2018/Dec/37

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

http://www.securityfocus.com/bid/106289

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2018/Dec/37

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

http://www.securityfocus.com/bid/106289

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.