Published: 30/07/2020 Updated: 27/02/2024

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an malicious user to crafted a URI to perform an arbitrary code execution via the admin web interface.

Vulnerable Product	Search on Vulmon	Subscribe to Product
pulsesecure pulse connect secure
ivanti connect secure 9.1
pulsesecure pulse policy secure
ivanti policy secure 9.1

Tool to test for existence of CVE-2020-8218

pulse-gosecure-rce _____ _____ _____ _____ _____ /\ \ /\ \ /\ \ /\ \ /\ \ /::\ \ /::\____\ /::\____\ /::\ \ /::\ \

Before you head off for the weekend, you have patched your Pulse Secure VPNs, right? Wouldn't want you to be pwned via a phishing link

The Register • Shaun Nichols in San Francisco • 28 Aug 2020

Perl clutching time again That Pulse Secure VPN you're using to protect your data? Better get it patched – or it's going to be ransomware time

Stop us if you've heard this one before: a remote-code execution vulnerability needs patching in Pulse Secure VPNs. Professional code-probers at GoSecure uncovered a host of security flaws, including CVE-2020-8218, which it publicly disclosed this week after a patch was issued. The other holes are yet to be addressed, and so details on those remain under wraps for now. What we do know is that CVE-2020-8218 can be exploited to execute code on the VPN system by tricking an administrator into, say,...

CVE-2020-8218

Vulnerability Summary

Vulnerability Trend

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect