Attacker Value

Very High

(1 user assessed)

Exploitability

Low

(1 user assessed)

User Interaction

CVE-2020-8218

Disclosure Date: July 30, 2020 •

CVE-2020-8218 CVSS v3 Base Score: 7.2

Exploited in the Wild

Reported by mkienow-r7 and 1 more...
View Source Details

Description

A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.

Add Assessment

wvu-r7 (437)

August 27, 2020 3:29pm UTC (4 years ago)•

Ratings

Attacker Value

Very High

Exploitability

Low

Common in enterprise Gives privileged access Authenticated Difficult to weaponize Requires elevated access Requires user interaction

Technical Analysis

Researchers wrote this one up at https://www.gosecure.net/blog/2020/08/26/forget-your-perimeter-rce-in-pulse-connect-secure/.

In CVE-2020-15408, I was musing about SSRF-to-RCE potential as a normal user, but this just skips right to CSRF’ing an admin to get RCE.

Note that both these vulns involve interacting with an authenticated user. The “threat model” is different from that of previous Pulse Secure RCEs. Patch this but also invest in security training for your users!

ETA: This is otherwise post-auth RCE, so if you have admin creds, you can execute commands all the same. It’s not uncommon to find creds like these in a corporate wiki or share somewhere.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.2 High

Impact Score:

5.9

Exploitability Score:

1.2

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

High

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

ivanti,
pulsesecure

Products

connect secure 9.1,
policy secure 9.1,
pulse connect secure,
pulse policy secure

Exploited in the Wild

Reported by:

mkienow-r7 indicated source as Government or Industry Alert (https://www.cisa.gov/uscert/ncas/current-activity/2022/03/07/cisa-adds-11-known-exploited-vulnerabilities-catalog)

Reported: March 08, 2022 3:12am UTC (2 years ago)

AttackerKB Worker indicated source as Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2022/03/07/cisa-adds-11-known-exploited-vulnerabilities-catalog)

Reported: November 08, 2024 8:21am UTC (2 weeks ago)

References

Rapid7

Very High

CVE-2020-8218

Very High

Low

None

High

Network

CVE-2020-8218

Description

Add Assessment

Ratings

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Exploited in the Wild

References

Canonical

Advisory

Miscellaneous

Additional Info

Technical Analysis

Very High

CVE-2020-8218

Very High

Low

None

High

Network

CVE-2020-8218

Description

Add Assessment

Ratings

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Exploited in the Wild

References

Canonical

Advisory

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification