GSD-2020-8260 — Vulnetix

GSD-2020-8260 PUBLISHED CVSS 7.199999809265137 HIGH

A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.

Risk Scores

CVSS v3.1

7.199999809265137

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
n/a	Pulse Connect Secure / Pulse Policy Secure	9.1R9

Timeline

Jan 18, 2018 CVE Published
Dec 17, 2020 PoC Published
Apr 21, 2021 PoC Published
Aug 25, 2021 PoC Published
Oct 25, 2021 PoC Published
Nov 8, 2021 PoC Published
Nov 20, 2021 PoC Published
Nov 14, 2024 PoC Published
Dec 24, 2024 PoC Published
Feb 6, 2025 PoC Published
Feb 23, 2025 PoC Published
Feb 23, 2025 PoC Published

References

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 url
http://packetstormsecurity.com/files/160619/Pulse-Secure-VPN-Remote-Code-Execution.html url
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8260 url

Open in Interactive Console →