Pulse Secure VPN Remote Code Execution
Posted by deepcore on December 20, 2020 – 2:15 am
The Pulse Connect Secure appliance versions prior to 9.1R9 suffer from an uncontrolled gzip extraction vulnerability which allows an attacker to overwrite arbitrary files, resulting in remote code execution as root. Admin credentials are required for successful exploitation.
Post a reply
You must be logged in to post a comment.