CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-8260

Known Exploited (CISA KEV)HIGH
7.2
CVSS Severity Score
EPSS Score31.3020%
EPSS Percentile95.54th
Published2020年10月28日
Last Modified2025年12月18日

Vulnerability Description

A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.

Affected Platforms (CPE)

📦
Ivanti

Connect Secure

<= 9.0
📦
Ivanti

Connect Secure

= 9.1
📦
Ivanti

Connect Secure

= 9.1
📦
Ivanti

Connect Secure

= 9.1
📦
Ivanti

Connect Secure

= 9.1
📦
Ivanti

Connect Secure

= 9.1
📦
Ivanti

Connect Secure

= 9.1
📦
Ivanti

Connect Secure

= 9.1
📦
Ivanti

Connect Secure

= 9.1
📦
Ivanti

Connect Secure

= 9.1
📦
Ivanti

Connect Secure

= 9.1
📦
Ivanti

Connect Secure

= 9.1
📦
Ivanti

Connect Secure

= 9.1
📦
Ivanti

Connect Secure

= 9.1
📦
Ivanti

Connect Secure

= 9.1
📦
Ivanti

Connect Secure

= 9.1

References & Advisories

🔗 http://packetstormsecurity.com/files/160619/Pulse-Secure-VPN-Remote-Code-Execution.html
🔗 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
🔗 http://packetstormsecurity.com/files/160619/Pulse-Secure-VPN-Remote-Code-Execution.html
🔗 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8260

相關漏洞威脅

CVE-2000-056310.0

The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a m...

CVE-2021-2289310.0

Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Sh...

CVE-2019-1151010.0

In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated rem...

CVE-2007-285010.0

The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials ...