Attacker Value
Low
1

CVE-2020-15408

Disclosure Date: July 28, 2020

Exploitability

(1 user assessed) Moderate
Attack Vector
Network
Privileges Required
Low
User Interaction
Required

Description

An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite.

Add Assessment

2
Ratings
  • Attacker Value
    Low
  • Exploitability
    Medium
Technical Analysis

I wonder if this has SSRF-to-RCE potential after reading the recent security bulletin.

General Information

Additional Info

Technical Analysis