Updated with Cves and Juniper Advistory

This commit is contained in:
Giulio 2020-04-10 02:28:50 +02:00
parent 8bcf6af871
commit 855d6def8d

View File

@ -1,4 +1,12 @@
# Juniper Host Checker Linux MITM RCE
## CVEs
- No certificate Validation - [CVE-2020-11580](https://nvd.nist.gov/vuln/detail/CVE-2020-11580)
- Command Injection - [CVE-2020-11581](https://nvd.nist.gov/vuln/detail/CVE-2020-11581)
- DNS Rebindig - [CVE-2020-11582](https://nvd.nist.gov/vuln/detail/CVE-2020-11582)
Link to Juniper official advisory [SA44426](https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44426)
## Intro
The Host Checker is a client side component that the [Pulse Connect Secure](https://www.pulsesecure.net/products/pulse-connect-secure/) appliance may require in order to connect to the VPN. The Host Checker requests a policy from the server and perform basic checks on the client accordingly. Checks may include MAC Addresses, running process (ie: checking for an antivirus) and some others. While on Windows the plugin is an ActiveX component, in Linux, Solaris and OSX it is a Java Applet.
Of course client checks can always be bypassed, and an open source (yet not well documented) implementation [do exist](https://raw.githubusercontent.com/russdill/juniper-vpn-py/master/tncc.py).