CVE-2020-8254: Zip Slip in Pulse Secure VPN Windows Client

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server.

Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found here.

Requirements:

This vulnerability requires:

User interaction (victim needs to click “Yes” or “Always” when asked to download the “Host Checker” software)

Proof Of Concept:

More details and the exploitation process can be found in this PDF.

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
Pulse Secure VPN Windows Client - CVE-2020-8254.pdf		Pulse Secure VPN Windows Client - CVE-2020-8254.pdf
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Pulse Secure VPN Windows Client - CVE-2020-8254.pdf

Pulse Secure VPN Windows Client - CVE-2020-8254.pdf

README.md

README.md

Repository files navigation

CVE-2020-8254: Zip Slip in Pulse Secure VPN Windows Client

Vendor Disclosure:

Requirements:

Proof Of Concept:

About

mbadanoiu/CVE-2020-8254

Folders and files

Latest commit

History

Pulse Secure VPN Windows Client - CVE-2020-8254.pdf

Pulse Secure VPN Windows Client - CVE-2020-8254.pdf

README.md

README.md

Repository files navigation

CVE-2020-8254: Zip Slip in Pulse Secure VPN Windows Client

Vendor Disclosure:

Requirements:

Proof Of Concept:

About

Topics

Resources

Stars

Watchers

Forks