Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mbadanoiu/cve-2020-8254

CVE-2020-8254: Zip Slip in Pulse Secure VPN Windows Client
https://github.com/mbadanoiu/cve-2020-8254

0-day cve cve-2020-8254 cves remote-code-execution user-interaction zip-slip

Last synced: 2 days ago
JSON representation

CVE-2020-8254: Zip Slip in Pulse Secure VPN Windows Client

Host: GitHub
URL: https://github.com/mbadanoiu/cve-2020-8254
Owner: mbadanoiu
Created: 2023-11-26T13:42:37.000Z (12 months ago)
Default Branch: main
Last Pushed: 2023-11-26T13:57:35.000Z (12 months ago)
Last Synced: 2023-11-26T17:27:57.406Z (12 months ago)
Topics: 0-day, cve, cve-2020-8254, cves, remote-code-execution, user-interaction, zip-slip
Homepage:
Size: 1.43 MB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# CVE-2020-8254: Zip Slip in Pulse Secure VPN Windows Client

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server.

### Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found [here](https://forums.ivanti.com/s/article/SA44601?language=en_US).

### Requirements:

This vulnerability requires:
- User interaction (victim needs to click “Yes” or “Always” when asked to download the “Host Checker” software)

### Proof Of Concept:

More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2020-8254/blob/main/Pulse%20Secure%20VPN%20Windows%20Client%20-%20CVE-2020-8254.pdf).