Description

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance.

References

http://www.securityfocus.com/bid/108073

https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/

https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf

https://kb.pulsesecure.net/?atype=sa

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010

https://www.kb.cert.org/vuls/id/927237

Details

Risk Information

CVSS v2

CVSS v3