Hi,
we have just released an exploit for CVE-2020-13162. This vulnerability
affects the Windows Client of Pulse Secure < 9.1.6. It is a TOCTOU and
allow an attacker to escalate the privilige to NT_AUTHORITY\SYSTEM.
Details about the exploit itself can be found at
https://www.redtimmy.com/privilege-escalation/pulse-secure-windows-client/
Instead details about the vulnerability have been published at
https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/
Kind Regards
RedTimmy Security
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
