Tool to test for existence of CVE-2020-8218
pulse-gosecure-rce _____ _____ _____ _____ _____ /\ \ /\ \ /\ \ /\ \ /\ \ /::\ \ /::\____\ /::\____\ /::\ \ /::\ \
A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an malicious user to crafted a URI to perform an arbitrary code execution via the admin web interface.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pulsesecure pulse connect secure |
||
ivanti connect secure 9.1 |
||
pulsesecure pulse policy secure |
||
ivanti policy secure 9.1 |
Perl clutching time again That Pulse Secure VPN you're using to protect your data? Better get it patched – or it's going to be ransomware time
Stop us if you've heard this one before: a remote-code execution vulnerability needs patching in Pulse Secure VPNs. Professional code-probers at GoSecure uncovered a host of security flaws, including CVE-2020-8218, which it publicly disclosed this week after a patch was issued. The other holes are yet to be addressed, and so details on those remain under wraps for now. What we do know is that CVE-2020-8218 can be exploited to execute code on the VPN system by tricking an administrator into, say,...