Lucene search

AttackerKBAKB:9BC68457-02B8-47E9-8D37-CD9C803DC77D

HistoryJul 28, 2020 - 12:00 a.m.

CVE-2020-15408

2020-07-2800:00:00

attackerkb.com

4.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

JSON

An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite.

Recent assessments:

wvu-r7 at July 28, 2020 6:20pm UTC reported:

I wonder if this has SSRF-to-RCE potential after reading the recent security bulletin.

ETA: Or just target an admin.

Assessed Attacker Value: 2
Assessed Attacker Value: 2Assessed Attacker Value: 3

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15408

kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516

kb.pulsesecure.net?atype=sa

4.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

JSON

Related for AKB:9BC68457-02B8-47E9-8D37-CD9C803DC77D