PCS allows administrative users to import and export archived configurations via the /dana-admin/cached/config/import.cgi CGI script. An attacker with such access will be able to circumvent any restrictions enforced via the web application, as well as remount the filesystem, allowing them to create a persistent backdoor, extract and decrypt credentials, or pivot into the internal network. Successful exploitation by an authenticated administrator results in Remote Code Execution on the underlying Operating System with root privileges. The Pulse Connect Secure appliance suffers from an uncontrolled gzip extraction vulnerability which allows an attacker to overwrite arbitrary files, resulting in Remote Code Execution as root. Richard Warren - richard.warrennccgroupcomÄavid Cash – david.cashnccgroupcom Summary Systems Affected: Pulse Connect Secure (PCS) Appliances Versions affected: Pulse Connect Secure (PCS) 9.1Rx or below
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |