Published: 30/07/2020 Updated: 27/02/2024

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP.

Vulnerable Product	Search on Vulmon	Subscribe to Product
pulsesecure pulse connect secure
ivanti connect secure 9.1
pulsesecure pulse policy secure
ivanti policy secure 9.1

Before you head off for the weekend, you have patched your Pulse Secure VPNs, right? Wouldn't want you to be pwned via a phishing link

The Register • Shaun Nichols in San Francisco • 28 Aug 2020

Perl clutching time again That Pulse Secure VPN you're using to protect your data? Better get it patched – or it's going to be ransomware time

Stop us if you've heard this one before: a remote-code execution vulnerability needs patching in Pulse Secure VPNs. Professional code-probers at GoSecure uncovered a host of security flaws, including CVE-2020-8218, which it publicly disclosed this week after a patch was issued. The other holes are yet to be addressed, and so details on those remain under wraps for now. What we do know is that CVE-2020-8218 can be exploited to execute code on the VPN system by tricking an administrator into, say,...

CVE-2020-8206

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect