Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network connectivity, and trigger a connection to a crafted proxy server with an invalid SSL certificate that allows certification-manager access, leading to the ability to browse local files and execute local programs.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pulse Secure Client 安全漏洞
Vulnerability Description
Pulse Secure Client是美国Pulse Secure公司的一套用于访问Juniper Pulse Secure网关的终端设备的客户端软件。 Pulse Secure Client 9.0R1版本和5.3R5之前的5.3RX版本中存在安全漏洞。攻击者可利用该漏洞绕过Windows身份验证并以Pulse Secure Client权限在系统上执行命令。
CVSS Information
N/A
Vulnerability Type
N/A