Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Pulse Secure Windows Client <9.1.6 (CVE-2020-13162) - exploit

From: Red Timmy Security <publications () redtimmy com>
Date: Wed, 02 Sep 2020 21:39:20 +0200
Hi,
we have just released an exploit for CVE-2020-13162. This vulnerability affects the Windows Client of Pulse Secure < 9.1.6. It is a TOCTOU and allow an attacker to escalate the privilige to NT_AUTHORITY\SYSTEM.
Details about the exploit itself can be found at https://www.redtimmy.com/privilege-escalation/pulse-secure-windows-client/ Instead details about the vulnerability have been published at https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/ 

Kind Regards
RedTimmy Security


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: