Platform
windows
Component
pulse-secure-client
Fixed in
9.1.1
CVE-2023-34298 is a directory traversal vulnerability discovered in Pulse Secure Client. This flaw allows a local attacker to escalate privileges by exploiting insufficient path validation within the SetupService component. The vulnerability impacts versions 9.1r15 through 9.1r15, and a patch is available to resolve the issue.
Successful exploitation of CVE-2023-34298 allows a local attacker to gain elevated privileges on the system where Pulse Secure Client is installed. This can be achieved by crafting malicious file paths that bypass validation checks within the SetupService. An attacker who can execute low-privileged code can then leverage this vulnerability to execute arbitrary code with higher privileges, potentially compromising the entire system. This vulnerability shares similarities with other directory traversal exploits where attackers manipulate file paths to access unauthorized resources. The potential impact includes data theft, system modification, and complete system takeover.
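The difference between insufficient and sound path validation, as an added example (not code from Pulse Secure or from this advisory; the page does not show SetupService's actual logic). `BASE_DIR`, the function names and the sample paths are hypothetical and constructed for illustration.

```python
import ntpath  # Windows path rules; usable on any OS for this demo

# Hypothetical staging directory for a privileged helper (assumption, not from the advisory).
BASE_DIR = r"C:\ProgramData\ExampleVendor\Staging"

def naive_is_allowed(requested: str) -> bool:
    """Weak validation: prefix match plus a ban on one traversal spelling."""
    return requested.startswith(BASE_DIR) and "..\\" not in requested

def resolve_inside_base(requested: str, base: str = BASE_DIR) -> str:
    """Canonicalize first, then require the result to sit strictly under base."""
    if "\x00" in requested:
        raise ValueError("NUL byte in path")
    # join() keeps base for relative names; normpath() folds '/' and '..' segments.
    candidate = ntpath.normpath(ntpath.join(base, requested))
    cand_cmp = ntpath.normcase(candidate)
    base_cmp = ntpath.normcase(ntpath.normpath(base))
    try:
        # Component-wise comparison, so "StagingOther" does not match "Staging".
        common = ntpath.commonpath([cand_cmp, base_cmp])
    except ValueError as exc:  # different drive or UNC/device prefix
        raise ValueError(f"outside base: {requested!r}") from exc
    if common != base_cmp or cand_cmp == base_cmp:
        raise ValueError(f"outside base: {requested!r}")
    return candidate

def hardened_is_allowed(requested: str) -> bool:
    try:
        resolve_inside_base(requested)
        return True
    except ValueError:
        return False

# Constructed sample inputs (not taken from any real exploit or log).
SAMPLES = [
    BASE_DIR + r"\updates\client.msi",              # legitimate file under base
    BASE_DIR + "/../../../Windows/System32/x.dll",  # forward-slash traversal
    BASE_DIR + r"Other\x.dll",                      # sibling dir sharing the prefix
    r"..\..\Windows\x.dll",                         # relative traversal
]

def compare():
    """Return (path, naive verdict, hardened verdict) for each sample."""
    return [(s, naive_is_allowed(s), hardened_is_allowed(s)) for s in SAMPLES]

if __name__ == "__main__":
    for path, naive, hardened in compare():
        print(f"naive={naive!s:5} hardened={hardened!s:5} {path}")
```

This check is purely lexical: it does not resolve junctions or symbolic links, so a privileged service should also verify the final path of the opened handle or perform the file operation while impersonating the caller.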
CVE-2023-34298 was published on May 3, 2024. The vulnerability is considered to have a medium probability of exploitation due to its local nature and the requirement for initial low-privilege code execution. Public proof-of-concept exploits are not currently available, but the relatively straightforward nature of directory traversal vulnerabilities suggests that they may emerge. Monitor security advisories and threat intelligence feeds for updates.
Organizations utilizing Pulse Secure Client for remote access, particularly those running versions 9.1r15 through 9.1r15, are at risk. Systems with weak access controls or those where local accounts have excessive privileges are especially vulnerable. Environments with a history of insider threats or where physical access to client machines is readily available should prioritize remediation.
• windows / supply-chain:
Get-Process -Name SetupService | Select-Object Id, Path
• windows / supply-chain:
Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='Pulse Secure Client SetupService']]]" | Select-Object TimeCreated, Message
• windows / supply-chain: Check Autoruns for unusual entries related to Pulse Secure Client or SetupService.
disclosure
Exploit status
EPSS
0.12% (30th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2023-34298 is to upgrade to a patched version of Pulse Secure Client as soon as it becomes available. Until the upgrade can be performed, consider restricting access to the SetupService component and implementing strict file access controls. Monitor system logs for unusual file access patterns that might indicate exploitation attempts. While a WAF or proxy cannot directly mitigate this local privilege escalation, enhanced endpoint detection and response (EDR) solutions can help identify and block malicious activity. After upgrading, verify the fix by attempting to access restricted files via the SetupService and confirming that access is denied.
Upgrade Pulse Secure Client to a version later than 9.1r15. This will fix the local privilege escalation vulnerability caused by directory traversal in SetupService.
CVE-2023-34298 is a directory traversal vulnerability in Pulse Secure Client allowing local privilege escalation. It affects versions 9.1r15–9.1r15, enabling attackers to manipulate file paths and potentially execute arbitrary code.
If you are using Pulse Secure Client versions 9.1r15 through 9.1r15, you are potentially affected. Check your installed version and upgrade as soon as possible.
Upgrade to a patched version of Pulse Secure Client. Until the upgrade, restrict access to the SetupService component and monitor system logs.
While no active exploitation has been confirmed, the vulnerability's nature suggests potential for exploitation. Monitor security advisories and threat intelligence feeds.
Refer to the official Pulse Secure security advisory for detailed information and mitigation steps: [https://knowledgebase.pulesecure.net/kb/details/1533](https://knowledgebase.pulesecure.net/kb/details/1533)