Attacker Value
Low
(1 user assessed)
Exploitability
Moderate
(1 user assessed)
User Interaction
Required
Privileges Required
Low
Attack Vector
Network
1

CVE-2020-15408

Disclosure Date: July 28, 2020
Add any MITRE ATT&CK Tactics to the list below that apply to this CVE.

Description

An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite.

Add Assessment

2
Ratings
  • Attacker Value
    Low
  • Exploitability
    Medium
Technical Analysis

I wonder if this has SSRF-to-RCE potential after reading the recent security bulletin.

ETA: Or just target an admin.

General Information

Additional Info

Technical Analysis