CVE-2018-20193 — HIGH (8.8)

Vulnerability Description

Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631). This occurs because appropriate controls are not performed. Specifically, it is possible for a readonly user to change the administrator user password by making a local copy of the /dana-admin/user/update.cgi page, changing the "user" value, and saving the changes.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Pulsesecure	Secure Access Series Ssl Vpn Sa-4000	4.2

Related Weaknesses (CWE)

CWE-269

References

http://seclists.org/fulldisclosure/2018/Dec/37ExploitMailing ListThird Party Advisory
http://www.securityfocus.com/bid/106289Third Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2018/Dec/37ExploitMailing ListThird Party Advisory
http://www.securityfocus.com/bid/106289Third Party AdvisoryVDB Entry

FAQ

What is CVE-2018-20193?

CVE-2018-20193 is a vulnerability with a CVSS score of 8.8 (HIGH). Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access...

How severe is CVE-2018-20193?

CVE-2018-20193 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-20193?

Check the references section above for vendor advisories and patch information. Affected products include: Pulsesecure Secure Access Series Ssl Vpn Sa-4000.