This Metasploit module exploits a post-auth command injection
in the Pulse Secure VPN server to execute commands as root. The
env(1) command is used to bypass application whitelisting and run
arbitrary commands. Please see related module
auxiliary/gather/pulse_secure_file_disclosure for a pre-auth file
read that is able to obtain plaintext and hashed credentials, plus
session IDs that may be used with this exploit. A valid
administrator session ID is required in lieu of untested
SSRF.
Read more https://packetstormsecurity.com/files/155277/pulse_secure_cmd_exec.rb.txt