Lucene search
Rafael Pedrero1337DAY-ID-31835HistoryDec 23, 2018 - 12:00 a.m.
Juniper Secure Access SSL VPN Privilege Escalation Vulnerability
2018-12-2300:00:00
Rafael Pedrero
0day.today
30
0.001 Low
EPSS
Percentile
42.0%
Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631). This occurs because appropriate controls are not performed.
<!--
# Exploit Title: Privilege escalation in Juniper Secure Access SSL VPN -
SA-4000, 5.1R5 (build 9627) 4.2 Release (build 7631)
# Date: 18-12-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.juniper.net/
# Software Link: http://www.juniper.net/
# Version: Juniper Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2
Release (build 7631)
# Tested on: all
# CVE : CVE-2018-20193
# Category: webapps
1. Description
Certain Secure Access SA Series SSL VPN products (originally developed by
Juniper Networks but now sold and supported by Pulse Secure, LLC) allow
privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000
5.1R5 (build 9627) 4.2 Release (build 7631). This occurs because
appropriate controls are not performed.
2. Proof of Concept
It is possible to change the administrator user password from readonly user
because the appropriate controls are not performed. Save the page
/dana-admin/user/update.cgi in local, change the "user" value and save
changes.
3. Solution:
This version is deprecated. Update to last version this product.
-->
# 0day.today [2018-12-24] #Related
cve
cve
CVE-2018-20193
2018-12-21 23:29:00
nvd
nvd
CVE-2018-20193
2018-12-21 23:29:00
prion
prion
Privilege escalation
2018-12-21 23:29:00
packetstorm
packetstorm
Juniper Secure Access SSL VPN Privilege Escalation
2018-12-22 00:00:00
cvelist
cvelist
CVE-2018-20193
2018-12-21 23:00:00