CVE-2018-20193
HIGHSecure Access SA Series SSL VPN <5.1R5-4.2 - Privilege Escalation
Title source: llmDescription
Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631). This occurs because appropriate controls are not performed. Specifically, it is possible for a readonly user to change the administrator user password by making a local copy of the /dana-admin/user/update.cgi page, changing the "user" value, and saving the changes.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106289
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Dec/37
Scores
CVSS v3
8.8
EPSS
0.0130
EPSS Percentile
66.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (2)
pulsesecure/secure_access_series_ssl_vpn_sa-4000
4.2
pulsesecure/secure_access_series_ssl_vpn_sa-4000
5.1r5
Published
Dec 21, 2018
Tracked Since
Feb 18, 2026