CVSS: 5.8EPSS: 0%CPEs: 11EXPL: 0CVE-2020-15408
https://notcve.org/view.php?id=CVE-2020-15408
28 Jul 2020 — An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite. Se detectó un problema en Pulse Secure Pulse Connect Secure versiones anteriores a 9.1R8. Un atacante autenticado puede acceder a la consola de la página admin por medio de la interfaz web del usuario final debido a una reescritura • https://kb.pulsesecure.net/?atype=sa •
CVSS: 7.0EPSS: 0%CPEs: 32EXPL: 3CVE-2020-13162 – Pulse Secure Client for Windows Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2020-13162
16 Jun 2020 — A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges. Una vulnerabilidad de tipo time-of-check time-of-use en el archivo PulseSecureService.exe en Pulse Secure Client versiones anteriores a 9.1.6 hasta 5.3 R70 para Windows (que se ejecuta como NT AUTHORITY/SYSTEM), permite a los usuarios sin pr... • https://packetstorm.news/files/id/159065 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •