CVE-2020-8260

🗓️ 28 Oct 2020 12:47:13Reported by hackeroneType

cve🔗 web.nvd.nist.gov📰️ 10 Media mentions👁 1144 Views🌐 WEB

A vulnerability in Pulse Connect Secure < 9.1R9 admin web interface allowing arbitrary code execution

Reporter	Title	Published	Views	Family All 32
0day.today	Pulse Secure VPN Remote Code Execution Exploit	18 Dec 202000:00	–	zdt
ICS	Exploitation of Pulse Connect Secure Vulnerabilities	24 Aug 202112:00	–	ics
ATTACKERKB	CVE-2020-8260	28 Oct 202000:00	–	attackerkb
BDU FSTEC	The vulnerability in the web interface of the Pulse Connect Secure VPN server for corporate networks allows a perpetrator to execute arbitrary code.	16 Nov 202100:00	–	bdu_fstec
Circl	CVE-2020-8260	17 Dec 202022:50	–	circl
CISA KEV Catalog	Ivanti Pulse Connect Secure Code Execution Vulnerability	3 Nov 202100:00	–	cisa_kev
CNVD	Pulse Secure Pulse Connect Secure Arbitrary Code Execution Vulnerability	29 Oct 202000:00	–	cnvd
Cvelist	CVE-2020-8260	28 Oct 202012:47	–	cvelist
Ivanti	SA44601 - 2020-10: Security Bulletin: Multiple Vulnerabilities Resolved in Pulse Connect Secure / Pulse Policy Secure / Pulse Secure Desktop Client 9.1R9	14 Feb 202307:22	–	ivanti
Malwarebytes	Take action! Multiple Pulse Secure VPN vulnerabilities exploited in the wild	21 Apr 202118:12	–	malwarebytes

NVD

Vulners

Node

ivanti connect_secureRange≤9.0

ivanti connect_secureMatch9.1-

ivanti connect_secureMatch9.1r1.0

ivanti connect_secureMatch9.1r2.0

ivanti connect_secureMatch9.1r3.0

ivanti connect_secureMatch9.1r4.0

ivanti connect_secureMatch9.1r4.1

ivanti connect_secureMatch9.1r4.2

ivanti connect_secureMatch9.1r4.3

ivanti connect_secureMatch9.1r5.0

ivanti connect_secureMatch9.1r6.0

ivanti connect_secureMatch9.1r7.0

ivanti connect_secureMatch9.1r8.0

ivanti connect_secureMatch9.1r8.1

ivanti connect_secureMatch9.1r8.2

ivanti connect_secureMatch9.1r8.4

[
  {
    "product": "Pulse Connect Secure / Pulse Policy Secure",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "9.1R9"
      }
    ]
  }
]

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/160619/Pulse-Secure-VPN-Remote-Code-Execution.html
kb	www.kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog

Parameter	Position	Path	Description	CWE
uploaded_file	request	dana-admin/cached/config/import.cgi	Multipart upload of encrypted config backup used to install a malicious payload via uncontrolled gzip extraction	CWE-434
xsauth	request	dana-admin/cached/config/import.cgi	Multipart upload of encrypted config backup used to install a malicious payload via uncontrolled gzip extraction	CWE-434
op	request	dana-admin/cached/config/import.cgi	Multipart upload of encrypted config backup used to install a malicious payload via uncontrolled gzip extraction	CWE-434
type	request	dana-admin/cached/config/import.cgi	Multipart upload of encrypted config backup used to install a malicious payload via uncontrolled gzip extraction	CWE-434
txtPassword1	request	dana-admin/cached/config/import.cgi	Multipart upload of encrypted config backup used to install a malicious payload via uncontrolled gzip extraction	CWE-434
btnUpload	request	dana-admin/cached/config/import.cgi	Multipart upload of encrypted config backup used to install a malicious payload via uncontrolled gzip extraction	CWE-434
trigger	header	dana-na/auth/setcookie.cgi	Trigger RCE by sending a specially named header to the setcookie.cgi endpoint	CWE-434
id	path	dana-admin/misc/admin.cgi	Version information disclosure used to determine vulnerability applicability	CWE-434
span_stats_counter_total_users_count	path	dana-admin/misc/admin.cgi	Version information disclosure used to determine vulnerability applicability	CWE-434
tz_offset	request body	dana-na/auth/url_admin/login.cgi	Login flow for admin credentials required prior to exploitation	CWE-434

18 Dec 2025 02:00Current

8.2High risk

Vulners AI Score8.2

CVSS 26.5

CVSS 3.17.2

EPSS0.9648

SSVC