An issue exists in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, allows a man-in-the-middle attacker to perform OS command injection attacks (against a client) via shell metacharacters passed to the doCustomRemediateInstructions method, because Runtime.getRuntime().exec() is used.
Vulnerable Product |
---|
pulsesecure pulse_connect_secure |
pulsesecure pulse policy secure - |