logo
DATABASE RESOURCES PRICING ABOUT US

Pulse Policy Secure < 9.1R8 (SA44516)

Description

According to its self-reported version, the version of Pulse Policy Secure running on the remote host is prior to 9.1R8. It is, therefore, affected by multiple vulnerabilities: - An attacker can bypass the Google TOTP, if the primary credentials are exposed to attacker (CVE-2020-8206). - An authenticated attacker via the admin web interface can crafted URI to perform an arbitrary code execution (CVE-2020-8218). - An authenticated attacker via the administrator web interface can read arbitrary files (CVE-2020-8221). Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Related