Vulnerability Details CVE-2020-8260
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.707
EPSS Ranking 98.6%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
Proposed Action
Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction.
Ransomware Campaign
Unknown
References
- http://packetstormsecurity.com/files/160619/Pulse-Secure-VPN-Remote-Code-Execution.html
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
- http://packetstormsecurity.com/files/160619/Pulse-Secure-VPN-Remote-Code-Execution.html
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8260
Products affected by CVE-2020-8260
-
cpe:2.3:a:ivanti:connect_secure:-
-
cpe:2.3:a:ivanti:connect_secure:7.1
-
cpe:2.3:a:ivanti:connect_secure:7.4
-
cpe:2.3:a:ivanti:connect_secure:8.0
-
cpe:2.3:a:ivanti:connect_secure:8.1
-
cpe:2.3:a:ivanti:connect_secure:8.2
-
cpe:2.3:a:ivanti:connect_secure:8.3
-
cpe:2.3:a:ivanti:connect_secure:9.0
-
cpe:2.3:a:ivanti:connect_secure:9.1