Lucene search

K
cve[email protected]CVE-2020-8260
HistoryOct 28, 2020 - 1:15 p.m.

CVE-2020-8260

2020-10-2813:15:13
CWE-434
web.nvd.nist.gov
969
In Wild
21
cve-2020-8260
vulnerability
pulse connect secure
admin web interface
arbitrary code execution
nvd

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.025 Low

EPSS

Percentile

90.2%

A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.

Affected configurations

NVD
Node
pulsesecurepulse_secure_desktop_clientRange<9.1linux
OR
pulsesecurepulse_secure_desktop_clientMatch9.1-linux
OR
pulsesecurepulse_secure_desktop_clientMatch9.1r1linux
OR
pulsesecurepulse_secure_desktop_clientMatch9.1r2linux
OR
pulsesecurepulse_secure_desktop_clientMatch9.1r3linux
OR
pulsesecurepulse_secure_desktop_clientMatch9.1r3.1linux
OR
pulsesecurepulse_secure_desktop_clientMatch9.1r4linux
OR
pulsesecurepulse_secure_desktop_clientMatch9.1r4.1linux
OR
pulsesecurepulse_secure_desktop_clientMatch9.1r4.2linux
OR
pulsesecurepulse_secure_desktop_clientMatch9.1r5linux
OR
pulsesecurepulse_secure_desktop_clientMatch9.1r6linux
OR
pulsesecurepulse_secure_desktop_clientMatch9.1r7linux
OR
pulsesecurepulse_secure_desktop_clientMatch9.1r7.1linux
OR
pulsesecurepulse_secure_desktop_clientMatch9.1r8linux
OR
pulsesecurepulse_secure_desktop_clientMatch9.1r8.2linux

CNA Affected

[
  {
    "product": "Pulse Connect Secure / Pulse Policy Secure",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "9.1R9"
      }
    ]
  }
]

Social References

More

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.025 Low

EPSS

Percentile

90.2%