← back
CVE-2020-8243

CVE-2020-8243

CVSS 7.2 HIGHEPSS 90.8%● KEVCWE-94
In short

An authenticated attacker can upload a custom template to Pulse Connect Secure's admin interface (versions before 9.1R8.2) to execute arbitrary code on the server.

Technical detail

The vulnerability exists in the admin web interface's template upload functionality, allowing authenticated users to upload malicious templates that bypass validation and execute arbitrary code. CWE-94 (Code Injection) permits template injection leading to remote code execution with authenticated access as a prerequisite.

Summary generated and translated by AI from the official description.
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · Pulse Connect Secre

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8243