Menu

Juniper Secure Access SSL VPN Privilege Escalation

December 27, 2018 - CVE, Exploits

In 2006...

<!--
# Exploit Title: Privilege escalation in Juniper Secure Access SSL VPN -
SA-4000, 5.1R5 (build 9627) 4.2 Release (build 7631)
# Date: 18-12-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.juniper.net/
# Software Link: http://www.juniper.net/
# Version: Juniper Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2
Release (build 7631)
# Tested on: all
# CVE : CVE-2018-20193
# Category: webapps

1. Description

Certain Secure Access SA Series SSL VPN products (originally developed by
Juniper Networks but now sold and supported by Pulse Secure, LLC) allow
privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000
5.1R5 (build 9627) 4.2 Release (build 7631). This occurs because
appropriate controls are not performed.


2. Proof of Concept

It is possible to change the administrator user password from readonly user
because the appropriate controls are not performed. Save the page
/dana-admin/user/update.cgi in local, change the "user" value and save
changes.


3. Solution:

This version is deprecated. Update to latest version of this product.
-->

Leave a Reply

Your email address will not be published. Required fields are marked *