![pulse secure client windows pulse secure client windows](http://www.extremetech.com/wp-content/uploads/2013/12/Two_Loomis_Employees_Refilling_an_ATM_at_the_Downtown_Seattle_REI.jpg)
- Pulse secure client windows install#
- Pulse secure client windows drivers#
- Pulse secure client windows driver#
The vulnerability lies in the “ dsInstallerService” component, which provides non-administrative users the ability to install or update new components using installers provided by Pulse Secure. Exploiting this issue allows an attacker to trick “ PulseSecureService.exe” into running an arbitrary Microsoft Installer executable (“.msi”) with SYSTEM privileges, granting them administrative rights.
![pulse secure client windows pulse secure client windows](https://venturebeat.com/wp-content/uploads/2020/04/IMG_3028D-e1587502974118.jpeg)
![pulse secure client windows pulse secure client windows](https://i.ytimg.com/vi/ef4cYdt8CJQ/maxresdefault.jpg)
Pulse Secure Client for Windows suffers of a local privilege escalation vulnerability in the “ PulseSecureService.exe” service. We have registered CVE-2020-13162 for that. How bad would it be? This is what could have happened by exploiting the vulnerability on Pulse Secure client we are going to talk about today, before the vendor patched it. Now imagine an employee (might be a malicious insider) escalating to “ NT_AUTHORITY\SYSTEM” in one of these laptops before or after having established a connection to the company VPN network, with security measures, configurations and software disabled or tampered, with the possibility to install any programs or hide hacking tools in the system without restrictions, with the aim to lower down the threat detection and identification capabilities of SOC. Of course the operating system running on these laptops is hardened in order to disallow the installation of arbitrary software, disable the antivirus or the other monitoring/security agents and more in general to avoid the execution from employees of any actions that would normally require admin rights. Try to imagine a business distributing laptops to its employees through which they can connect remotely, via VPN, to the employer’s infrastructure and comfortably work from home. Why? Beyond the large installation base in the Fortune 500 market, there are plenty of medium-size companies out there adopting the Pulse Secure products. So the lenient Red Timmy has thought: “ it would be good to kill some 0day while we go through this hard time“.Īfter careful evaluation of the options available, we have decided to proceed with a deep inspection of the Pulse Secure VPN client.
![pulse secure client windows pulse secure client windows](https://docs.pulsesecure.net/WebHelp/PDC/9.1R4/assets/SAMLAuthEmbeddedBrowser.png)
Being able to quickly identify vulnerabilities in the components of these infrastructures has become, more than before, a priority for many businesses. When viewing the Properties > Events tab of the Juniper_Networks_Virtual_Adapter_01 adapter, the event " Device deleted" will be displayed one or more times.In the midst of the coronavirus pandemic we have observed an incredible boost in the diffusion of configurations allowing people to work from home.
Pulse secure client windows drivers#
There are no compatible drivers for this device