CVE-2020-8260

Warnung

Exploit

EPSS 70.36%
Veröffentlicht 28.10.2020 13:15:13
Zuletzt bearbeitet 12.02.2025 19:59:29
Quelle support@hackerone.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ivanti ≫ Connect Secure Version <= 9.0

Ivanti ≫ Connect Secure Version9.1 Update-

Ivanti ≫ Connect Secure Version9.1 Updater1.0

Ivanti ≫ Connect Secure Version9.1 Updater2.0

Ivanti ≫ Connect Secure Version9.1 Updater3.0

Ivanti ≫ Connect Secure Version9.1 Updater4.0

Ivanti ≫ Connect Secure Version9.1 Updater4.1

Ivanti ≫ Connect Secure Version9.1 Updater4.2

Ivanti ≫ Connect Secure Version9.1 Updater4.3

Ivanti ≫ Connect Secure Version9.1 Updater5.0

Ivanti ≫ Connect Secure Version9.1 Updater6.0

Ivanti ≫ Connect Secure Version9.1 Updater7.0

Ivanti ≫ Connect Secure Version9.1 Updater8.0

Ivanti ≫ Connect Secure Version9.1 Updater8.1

Ivanti ≫ Connect Secure Version9.1 Updater8.2

Ivanti ≫ Connect Secure Version9.1 Updater8.4

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Ivanti Pulse Connect Secure Code Execution Vulnerability

Schwachstelle

Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	70.36%	0.986

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601

Vendor Advisory

Broken Link

http://packetstormsecurity.com/files/160619/Pulse-Secure-VPN-Remote-Code-Execution.html

Third Party Advisory

Exploit

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2020-8260

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-8260

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-8260

EUVD