CVE-2020-8254

Опубликовано: 28 окт. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):Disable Dynamic certificate trust for PDC.

Ссылки

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
Vendor Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:*:*:*:*:*:windows:*:*

Версия до 9.1 (исключая)

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r1:*:*:*:windows:*:*

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r2:*:*:*:windows:*:*

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3:*:*:*:windows:*:*

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3.1:*:*:*:windows:*:*

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4:*:*:*:windows:*:*

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.1:*:*:*:windows:*:*

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.2:*:*:*:windows:*:*

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r5:*:*:*:windows:*:*

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r6:*:*:*:windows:*:*

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7:*:*:*:windows:*:*

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7.1:*:*:*:windows:*:*

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8:*:*:*:windows:*:*

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8.2:*:*:*:windows:*:*

EPSS

Процентиль: 85%

0.02435

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-23

CWE-22

Связанные уязвимости

GHSA-p993-j26m-6v98

github

больше 3 лет назад