Lucene search

[email protected]CVE-2020-8255

HistoryOct 28, 2020 - 1:15 p.m.

CVE-2020-8255

2020-10-2813:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

vulnerability

pulse connect secure

arbitrary file reading

authenticated attacker

nvd

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

28.6%

JSON

A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages.

CPENameOperatorVersion
pulsesecure:pulse_secure_desktop_clientpulsesecure pulse secure desktop clienteq9.1

CPE	Name	Operator	Version
pulsesecure:pulse_secure_desktop_client	pulsesecure pulse secure desktop client	eq	9.1

References

kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

28.6%

JSON

Related for CVE-2020-8255

prion1 nessus2