Vigil@nce - Pulse Secure Connect Secure: privilege escalation via RDP
April 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use RDP of Pulse Secure Connect Secure, in order
to escalate his privileges.
Impacted products: Pulse Connect Secure.
Severity: 2/4.
Creation date: 26/02/2016.
DESCRIPTION OF THE VULNERABILITY
The Pulse Secure Connect Secure product can be used to restrict
RDP (Remote Desktop Protocol) sessions.
However, an attacker can bypass this restriction. Technical
details are unknown.
An attacker can therefore use RDP of Pulse Secure Connect Secure,
in order to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Pulse-Secure-Connect-Secure-privilege-escalation-via-RDP-19036