CVE-2018-20193 Information

Description

Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure LLC) allow privilege escalation as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631). This occurs because appropriate controls are not performed. Specifically it is possible for a readonly user to change the administrator user password by making a local copy of the /dana-admin/user/update.cgi page changing the \user\ value and saving the changes.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://seclists.org/fulldisclosure/2018/Dec/37 http://www.securityfocus.com/bid/106289

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8