Full Disclosure mailing list archives
Pulse Secure Windows Client <9.1.6 (CVE-2020-13162) - exploit
From: Red Timmy Security <publications () redtimmy com>
Date: Wed, 02 Sep 2020 21:39:20 +0200
Hi,we have just released an exploit for CVE-2020-13162. This vulnerability affects the Windows Client of Pulse Secure < 9.1.6. It is a TOCTOU and allow an attacker to escalate the privilige to NT_AUTHORITY\SYSTEM.
Details about the exploit itself can be found at https://www.redtimmy.com/privilege-escalation/pulse-secure-windows-client/ Instead details about the vulnerability have been published at https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/
Kind Regards RedTimmy Security _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Pulse Secure Windows Client <9.1.6 (CVE-2020-13162) - exploit Red Timmy Security (Sep 04)