8.8

CVE-2018-20193

Exploit

EPSS 0.51%
Published 21.12.2018 23:29:00
Last modified 21.11.2024 04:01:03
Source cve@mitre.org
Teams watchlist Login
Open Login

Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631). This occurs because appropriate controls are not performed. Specifically, it is possible for a readonly user to change the administrator user password by making a local copy of the /dana-admin/user/update.cgi page, changing the "user" value, and saving the changes.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Pulsesecure ≫ Secure Access Series Ssl Vpn Sa-4000 Version4.2

Pulsesecure ≫ Secure Access Series Ssl Vpn Sa-4000 Version5.1r5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.51%	0.634

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

http://seclists.org/fulldisclosure/2018/Dec/37

Third Party Advisory

Exploit

Mailing List

http://www.securityfocus.com/bid/106289

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2018-20193

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-20193

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-20193

EUVD