CVSS base score: 7.2
CVE-2020-8243
- EPSS 22.62%
- Published 30.09.2020 18:15:29
- Last modified 12.02.2025 19:56:52
- Source support@hackerone.com
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload a custom template to perform arbitrary code execution.
Data is provided by the National Vulnerability Database (NVD)
Ivanti ≫ Connect Secure Version <= 9.0
Ivanti ≫ Connect Secure Version 9.1 Update -
Ivanti ≫ Connect Secure Version 9.1 Update r1
Ivanti ≫ Connect Secure Version 9.1 Update r2
Ivanti ≫ Connect Secure Version 9.1 Update r3
Ivanti ≫ Connect Secure Version 9.1 Update r4
Ivanti ≫ Connect Secure Version 9.1 Update r4.1
Ivanti ≫ Connect Secure Version 9.1 Update r4.2
Ivanti ≫ Connect Secure Version 9.1 Update r4.3
Ivanti ≫ Connect Secure Version 9.1 Update r5
Ivanti ≫ Connect Secure Version 9.1 Update r6
Ivanti ≫ Connect Secure Version 9.1 Update r7
Ivanti ≫ Connect Secure Version 9.1 Update r8
Ivanti ≫ Connect Secure Version 9.1 Update r8.1
Ivanti ≫ Policy Secure Version <= 9.0
Ivanti ≫ Policy Secure Version 9.1 Update -
Ivanti ≫ Policy Secure Version 9.1 Update r1
Ivanti ≫ Policy Secure Version 9.1 Update r2
Ivanti ≫ Policy Secure Version 9.1 Update r3
Ivanti ≫ Policy Secure Version 9.1 Update r4
Ivanti ≫ Policy Secure Version 9.1 Update r4.1
Ivanti ≫ Policy Secure Version 9.1 Update r4.2
Ivanti ≫ Policy Secure Version 9.1 Update r4.3
Ivanti ≫ Policy Secure Version 9.1 Update r5
Ivanti ≫ Policy Secure Version 9.1 Update r6
Ivanti ≫ Policy Secure Version 9.1 Update r7
Ivanti ≫ Policy Secure Version 9.1 Update r8
Ivanti ≫ Policy Secure Version 9.1 Update r8.1
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
Vulnerability: Ivanti Pulse Connect Secure Code Execution Vulnerability
Description: Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution.
Required actions: Apply updates per vendor instructions.

Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 22.62% | 0.957 |

Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.2 | 1.2 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 6.5 | 8 | 6.4 | AV:N/AC:L/Au:S/C:P/I:P/A:P |
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.2 | 1.2 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |

CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.