CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-8218

Known Exploited (CISA KEV)HIGH
7.2
CVSS Severity Score
EPSS Score28.1580%
EPSS Percentile95.35th
Published2020年7月30日
Last Modified2025年10月30日

Vulnerability Description

A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.

Affected Platforms (CPE)

📦
Ivanti

Connect Secure

<= 9.0
📦
Ivanti

Connect Secure

= 9.1
📦
Ivanti

Connect Secure

= 9.1
📦
Ivanti

Connect Secure

= 9.1
📦
Ivanti

Connect Secure

= 9.1
📦
Ivanti

Connect Secure

= 9.1
📦
Ivanti

Connect Secure

= 9.1
📦
Ivanti

Connect Secure

= 9.1
📦
Ivanti

Connect Secure

= 9.1
📦
Ivanti

Connect Secure

= 9.1
📦
Ivanti

Connect Secure

= 9.1
📦
Ivanti

Connect Secure

= 9.1
📦
Ivanti

Policy Secure

= 9.1
📦
Ivanti

Policy Secure

= 9.1
📦
Ivanti

Policy Secure

= 9.1
📦
Ivanti

Policy Secure

= 9.1
📦
Ivanti

Policy Secure

= 9.1
📦
Ivanti

Policy Secure

= 9.1
📦
Ivanti

Policy Secure

= 9.1
📦
Ivanti

Policy Secure

= 9.1
📦
Ivanti

Policy Secure

= 9.1
📦
Ivanti

Policy Secure

= 9.1
📦
Ivanti

Policy Secure

= 9.1
📦
Pulsesecure

Pulse Policy Secure

<= 9.0

References & Advisories

🔗 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516
🔗 https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure/
🔗 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516
🔗 https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure/
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8218

相关漏洞威胁

CVE-2000-056310.0

The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a m...

CVE-2021-2289310.0

Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Sh...

CVE-2019-1151010.0

In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated rem...

CVE-2007-285010.0

The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials ...