3 matches found
SA44426 - 2020-04: Out-of-Cycle Advisory: Multiple Host Checker Vulnerabilities
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This advisory provides information about the Host Checker policy enforcement vulnerabilities highlighted in CVE-2020-11580, CVE-2020-11581, and CVE-2020-11582. These vulnerabilities...
Command injection
An issue was discovered in Pulse Secure Pulse Connect Secure PCS through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, launches a TCP server that accepts local connections on a random port. This can be reached by local HT...
CVE-2020-11581
Pulse Connect Secure (PCS) clients with Host Checker policy enabled on macOS, Linux, or Solaris are affected by CVE-2020-11581 due to an applet in tncc.jar that uses Runtime.getRuntime().exec(), enabling a MITM attacker to perform OS command injections via shell metacharacters in doCustomRemediat...