VDB
CVE-2020-8260
CVE-2020-8260
PUBLISHED
KEV
CVSS 6.5 MEDIUM
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.
EPSS 73.03% · 98.8th percentile
Risk Scores
CVSS 2.0
6.5
EPSS Score
73.03%
98.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | Pulse Connect Secure / Pulse Policy Secure | 9.1R9 |
| ivanti | connect_secure | 0, 9.1, 9.1 |
Exploit Intelligence
- http://packetstormsecurity.com/files/160619/Pulse-Secure-VPN-Remote-Code-Execution.html (nist-nvd)
- cve-2015-9251 (github-poc)
- cve-2015-9251 (github-poc)
- cve-2015-9251 (github-poc)
- cve-2015-9251 (github-poc)
- cve-2015-9251 (github-poc)
- This repository contains a Proof of Concept (PoC) for CVE-2015-9251, a vulnerability in jQuery versions prior to 3.0.0 that allows attackers to perform Cross-Site Scripting (XSS) attacks under certain conditions. (github-poc)
- This repository contains a Proof of Concept (PoC) for CVE-2015-9251, a vulnerability in jQuery versions prior to 3.0.0 that allows attackers to perform Cross-Site Scripting (XSS) attacks under certain conditions. (github-poc)
- This repository contains a Proof of Concept (PoC) for CVE-2015-9251, a vulnerability in jQuery versions prior to 3.0.0 that allows attackers to perform Cross-Site Scripting (XSS) attacks under certain conditions. (github-poc)
- This repository contains a Proof of Concept (PoC) for CVE-2015-9251, a vulnerability in jQuery versions prior to 3.0.0 that allows attackers to perform Cross-Site Scripting (XSS) attacks under certain conditions. (github-poc)
…and 84 more exploits
Timeline
- Oct 28, 2020 CVE Published
- Dec 17, 2020 PoC Published
- Dec 18, 2020 PoC Published
- Apr 14, 2021 EPSS Score
- Apr 21, 2021 PoC Published
- Jun 3, 2021 VulnCheck KEV Exploitation
- Aug 25, 2021 PoC Published
- Oct 25, 2021 PoC Published
- Nov 3, 2021 CISA KEV Added
- Nov 8, 2021 PoC Published
- Nov 20, 2021 PoC Published
- Jan 12, 2022 VulnCheck KEV Exploitation
References
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 url
- http://packetstormsecurity.com/files/160619/Pulse-Secure-VPN-Remote-Code-Execution.html url
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8260 url
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601/?kA23Z000000boS0 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2020-8260 advisory