CVE-2020-8260

Published: 28/10/2020 Updated: 21/09/2021
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 580
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

A vulnerability in the admin web interface of Pulse Connect Secure versions before 9.1R9 could allow an authenticated malicious user to execute arbitrary code through uncontrolled gzip extraction.

Vulnerable Product

pulsesecure pulse secure desktop client

pulsesecure pulse secure desktop client 9.1

Vendor Advisories

Check Point Reference: CPAI-2021-2059 Date Published: 3 Dec 2023 Severity: High ...

Exploits

Pulse Connect Secure appliance versions prior to 9.1R9 suffer from an uncontrolled gzip extraction vulnerability which allows an attacker to overwrite arbitrary files, resulting in remote code execution as root. Admin credentials are required for successful exploitation ...

Recent Articles

China broke into govt, defense, finance networks via zero-day in Pulse Secure VPN gateways? No way
The Register • Thomas Claburn in San Francisco • 20 Apr 2021

Crucial flaw won't be fixed until next month

Dozens of defense companies, government agencies, and financial organizations in America and abroad appear to have been compromised by China via vulnerabilities in their Pulse Connect Secure VPN appliances – including a zero-day flaw that won't be patched until next month. On Tuesday, IT software supplier Ivanti, the parent of Pulse Secure, issued a wake-up call to its customers by revealing it looks as though select clients were compromised via their encrypted gateways. "There is a new issue,...