Very High
CVE-2020-8243
CVE-2020-8243
Description
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution.
Add Assessment
Technical Analysis
Oh dear, another Pulse Secure vuln. Let’s break this down lightly.
This particular CVE can be compared to CVE-2019-11539, which is also an authenticated RCE that requires access to the admin interface. So, the fact that this requires admin interface access (SSRF notwithstanding) significantly reduces the impact of the vuln.
But wait, there’s more! Why was CVE-2019-11539 such a big deal, then? We have to consider the effects of CVE-2019-11510 in the exploit chain. We were able to leak session cookies with CVE-2019-11510, among many other things, which let us authenticate our post-auth RCE. All it takes is one info leak primitive. And short of an info leak, creds can still be compromised in other ways, such as through default creds, password spraying, or even a file in an SMB share somewhere (hopefully internal).
So, uh, yeah. Patch this. Secure your creds and don’t make them admin:admin. Admin access alone is devastating. Don’t add root RCE to it. VPN is the window into your org.
CVSS V3 Severity and Metrics
General Information
Vendors
- ivanti,
- pulsesecure
Products
- connect secure 9.1,
- policy secure 9.1,
- pulse connect secure,
- pulse policy secure
Exploited in the Wild
