All the vulnerabilites related to pulsesecure - pulse_secure_desktop_client
cve-2018-15726
Vulnerability from cvelistv5
Published
2018-09-06 23:00
Modified
2024-08-05 10:01
Severity ?
EPSS score ?
Summary
The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-06T22:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15726",
"datePublished": "2018-09-06T23:00:00",
"dateReserved": "2018-08-22T00:00:00",
"dateUpdated": "2024-08-05T10:01:54.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-20812
Vulnerability from cvelistv5
Published
2019-03-16 03:00
Modified
2024-09-16 20:03
Severity ?
EPSS score ?
Summary
An information exposure issue where IPv6 DNS traffic would be sent outside of the VPN tunnel (when Traffic Enforcement was enabled) exists in Pulse Secure Pulse Secure Desktop 9.0R1 and below. This is applicable only to dual-stack (IPv4/IPv6) endpoints.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:12:27.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information exposure issue where IPv6 DNS traffic would be sent outside of the VPN tunnel (when Traffic Enforcement was enabled) exists in Pulse Secure Pulse Secure Desktop 9.0R1 and below. This is applicable only to dual-stack (IPv4/IPv6) endpoints."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-16T03:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information exposure issue where IPv6 DNS traffic would be sent outside of the VPN tunnel (when Traffic Enforcement was enabled) exists in Pulse Secure Pulse Secure Desktop 9.0R1 and below. This is applicable only to dual-stack (IPv4/IPv6) endpoints."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20812",
"datePublished": "2019-03-16T03:00:00Z",
"dateReserved": "2019-03-15T00:00:00Z",
"dateUpdated": "2024-09-16T20:03:39.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-16261
Vulnerability from cvelistv5
Published
2018-09-06 23:00
Modified
2024-08-05 10:17
Severity ?
EPSS score ?
Summary
In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-06T22:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16261",
"datePublished": "2018-09-06T23:00:00",
"dateReserved": "2018-08-31T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8248
Vulnerability from cvelistv5
Published
2020-10-28 12:40
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Pulse Secure Desktop Client |
Version: 9.1R9 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:27.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pulse Secure Desktop Client",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "9.1R9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Pulse Secure Desktop Client (Linux) \u003c 9.1R9 could allow local attackers to escalate privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation (CAPEC-233)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T12:40:34",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pulse Secure Desktop Client",
"version": {
"version_data": [
{
"version_value": "9.1R9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Pulse Secure Desktop Client (Linux) \u003c 9.1R9 could allow local attackers to escalate privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation (CAPEC-233)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
"refsource": "MISC",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8248",
"datePublished": "2020-10-28T12:40:34",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:56:27.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8249
Vulnerability from cvelistv5
Published
2020-10-28 12:40
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Pulse Secure Desktop Client |
Version: 9.1R9 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:27.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pulse Secure Desktop Client",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "9.1R9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Pulse Secure Desktop Client (Linux) \u003c 9.1R9 could allow local attackers to perform buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Classic Buffer Overflow (CWE-120)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T12:40:53",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pulse Secure Desktop Client",
"version": {
"version_data": [
{
"version_value": "9.1R9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Pulse Secure Desktop Client (Linux) \u003c 9.1R9 could allow local attackers to perform buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Classic Buffer Overflow (CWE-120)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
"refsource": "MISC",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8249",
"datePublished": "2020-10-28T12:40:53",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:56:27.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-11002
Vulnerability from cvelistv5
Published
2018-11-29 16:00
Modified
2024-08-05 07:54
Severity ?
EPSS score ?
Summary
Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.themissinglink.com.au/security-advisories-cve-2017-16878-0 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/106054 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.264Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.themissinglink.com.au/security-advisories-cve-2017-16878-0"
},
{
"name": "106054",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106054"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-03T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.themissinglink.com.au/security-advisories-cve-2017-16878-0"
},
{
"name": "106054",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106054"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.themissinglink.com.au/security-advisories-cve-2017-16878-0",
"refsource": "MISC",
"url": "https://www.themissinglink.com.au/security-advisories-cve-2017-16878-0"
},
{
"name": "106054",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106054"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11002",
"datePublished": "2018-11-29T16:00:00",
"dateReserved": "2018-05-11T00:00:00",
"dateUpdated": "2024-08-05T07:54:36.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-15749
Vulnerability from cvelistv5
Published
2018-09-06 23:00
Modified
2024-08-05 10:01
Severity ?
EPSS score ?
Summary
The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-06T22:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15749",
"datePublished": "2018-09-06T23:00:00",
"dateReserved": "2018-08-23T00:00:00",
"dateUpdated": "2024-08-05T10:01:54.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8263
Vulnerability from cvelistv5
Published
2020-10-28 12:48
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Pulse Connect Secure / Pulse Policy Secure |
Version: 9.1R9 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:27.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pulse Connect Secure / Pulse Policy Secure",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "9.1R9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the authenticated user web interface of Pulse Connect Secure \u003c 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site Scripting (XSS) - Reflected (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T12:48:17",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pulse Connect Secure / Pulse Policy Secure",
"version": {
"version_data": [
{
"version_value": "9.1R9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the authenticated user web interface of Pulse Connect Secure \u003c 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Reflected (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
"refsource": "MISC",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8263",
"datePublished": "2020-10-28T12:48:17",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:56:27.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8240
Vulnerability from cvelistv5
Published
2020-10-28 12:41
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Pulse Secure Desktop Client |
Version: 9.1R9 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:27.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pulse Secure Desktop Client",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "9.1R9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Pulse Secure Desktop Client \u003c 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation (CAPEC-233)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T12:41:44",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pulse Secure Desktop Client",
"version": {
"version_data": [
{
"version_value": "9.1R9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Pulse Secure Desktop Client \u003c 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation (CAPEC-233)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
"refsource": "MISC",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8240",
"datePublished": "2020-10-28T12:41:44",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:56:27.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8241
Vulnerability from cvelistv5
Published
2020-10-28 12:47
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Pulse Secure Dektop Client |
Version: 9.1R9 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:27.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pulse Secure Dektop Client",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "9.1R9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Pulse Secure Desktop Client \u003c 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation (CAPEC-233)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T12:47:07",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pulse Secure Dektop Client",
"version": {
"version_data": [
{
"version_value": "9.1R9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Pulse Secure Desktop Client \u003c 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation (CAPEC-233)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
"refsource": "MISC",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8241",
"datePublished": "2020-10-28T12:47:07",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:56:27.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-15865
Vulnerability from cvelistv5
Published
2018-09-06 23:00
Modified
2024-08-05 10:10
Severity ?
EPSS score ?
Summary
The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:10:04.750Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-06T22:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15865",
"datePublished": "2018-09-06T23:00:00",
"dateReserved": "2018-08-24T00:00:00",
"dateUpdated": "2024-08-05T10:10:04.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-13162
Vulnerability from cvelistv5
Published
2020-06-16 19:41
Modified
2024-08-04 12:11
Severity ?
EPSS score ?
Summary
A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.pulsesecure.net/?atype=sa | x_refsource_MISC | |
| https://twitter.com/sepcali/status/1262551597990711296 | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2020/Jun/25 | mailing-list, x_refsource_FULLDISC | |
| https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/ | x_refsource_MISC | |
| http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html | x_refsource_MISC | |
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503 | x_refsource_CONFIRM | |
| https://twitter.com/gsepcali/status/1262551597990711296 | x_refsource_MISC | |
| https://twitter.com/gsepcali/status/1272927080909623297 | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2020/Sep/15 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-Privilege-Escalation.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:19.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/?atype=sa"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/sepcali/status/1262551597990711296"
},
{
"name": "20200616 Pulse Secure Client \u003c 9.1R6 TOCTOU Privilege Escalation (CVE-2020-13162)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Jun/25"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/gsepcali/status/1262551597990711296"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/gsepcali/status/1272927080909623297"
},
{
"name": "20200904 Pulse Secure Windows Client \u003c9.1.6 (CVE-2020-13162) - exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-04T21:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.pulsesecure.net/?atype=sa"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/sepcali/status/1262551597990711296"
},
{
"name": "20200616 Pulse Secure Client \u003c 9.1R6 TOCTOU Privilege Escalation (CVE-2020-13162)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Jun/25"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/gsepcali/status/1262551597990711296"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/gsepcali/status/1272927080909623297"
},
{
"name": "20200904 Pulse Secure Windows Client \u003c9.1.6 (CVE-2020-13162) - exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-Privilege-Escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.pulsesecure.net/?atype=sa",
"refsource": "MISC",
"url": "https://kb.pulsesecure.net/?atype=sa"
},
{
"name": "https://twitter.com/sepcali/status/1262551597990711296",
"refsource": "MISC",
"url": "https://twitter.com/sepcali/status/1262551597990711296"
},
{
"name": "20200616 Pulse Secure Client \u003c 9.1R6 TOCTOU Privilege Escalation (CVE-2020-13162)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Jun/25"
},
{
"name": "https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/",
"refsource": "MISC",
"url": "https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/"
},
{
"name": "http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html"
},
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503"
},
{
"name": "https://twitter.com/gsepcali/status/1262551597990711296",
"refsource": "MISC",
"url": "https://twitter.com/gsepcali/status/1262551597990711296"
},
{
"name": "https://twitter.com/gsepcali/status/1272927080909623297",
"refsource": "MISC",
"url": "https://twitter.com/gsepcali/status/1272927080909623297"
},
{
"name": "20200904 Pulse Secure Windows Client \u003c9.1.6 (CVE-2020-13162) - exploit",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Sep/15"
},
{
"name": "http://packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-Privilege-Escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13162",
"datePublished": "2020-06-16T19:41:18",
"dateReserved": "2020-05-19T00:00:00",
"dateUpdated": "2024-08-04T12:11:19.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11213
Vulnerability from cvelistv5
Published
2019-04-12 14:27
Modified
2024-08-04 22:48
Severity ?
EPSS score ?
Summary
In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. (The endpoint would need to be already compromised for exploitation to succeed.) This affects Pulse Desktop Client 5.x before Secure Desktop 5.3R7 and Pulse Desktop Client 9.x before Secure Desktop 9.0R3. It also affects (for Network Connect customers) Pulse Connect Secure 8.1 before 8.1R14, 8.3 before 8.3R7, and 9.0 before 9.0R3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.kb.cert.org/vuls/id/192371 | third-party-advisory, x_refsource_CERT-VN | |
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114 | x_refsource_CONFIRM | |
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.014Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#192371",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/192371"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. (The endpoint would need to be already compromised for exploitation to succeed.) This affects Pulse Desktop Client 5.x before Secure Desktop 5.3R7 and Pulse Desktop Client 9.x before Secure Desktop 9.0R3. It also affects (for Network Connect customers) Pulse Connect Secure 8.1 before 8.1R14, 8.3 before 8.3R7, and 9.0 before 9.0R3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-18T19:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#192371",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/192371"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. (The endpoint would need to be already compromised for exploitation to succeed.) This affects Pulse Desktop Client 5.x before Secure Desktop 5.3R7 and Pulse Desktop Client 9.x before Secure Desktop 9.0R3. It also affects (for Network Connect customers) Pulse Connect Secure 8.1 before 8.1R14, 8.3 before 8.3R7, and 9.0 before 9.0R3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#192371",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/192371"
},
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114"
},
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114/",
"refsource": "MISC",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11213",
"datePublished": "2019-04-12T14:27:31",
"dateReserved": "2019-04-12T00:00:00",
"dateUpdated": "2024-08-04T22:48:09.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8255
Vulnerability from cvelistv5
Published
2020-10-28 12:46
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Pulse Connect Secure / Pulse Policy Secure |
Version: 9.1R9 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pulse Connect Secure / Pulse Policy Secure",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "9.1R9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Pulse Connect Secure \u003c 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation (CWE-20)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T12:46:59",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pulse Connect Secure / Pulse Policy Secure",
"version": {
"version_data": [
{
"version_value": "9.1R9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Pulse Connect Secure \u003c 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation (CWE-20)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
"refsource": "MISC",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8255",
"datePublished": "2020-10-28T12:46:59",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:56:28.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8239
Vulnerability from cvelistv5
Published
2020-10-28 12:46
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Pulse Secure Desktop Cient |
Version: 9.1R9 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:27.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pulse Secure Desktop Cient",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "9.1R9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Pulse Secure Desktop Client \u003c 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation (CAPEC-233)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T12:46:48",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pulse Secure Desktop Cient",
"version": {
"version_data": [
{
"version_value": "9.1R9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Pulse Secure Desktop Client \u003c 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation (CAPEC-233)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
"refsource": "MISC",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8239",
"datePublished": "2020-10-28T12:46:48",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:56:27.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8250
Vulnerability from cvelistv5
Published
2020-10-28 12:41
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Pulse Secure Desktop Client |
Version: 9.1R9 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pulse Secure Desktop Client",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "9.1R9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Pulse Secure Desktop Client (Linux) \u003c 9.1R9 could allow local attackers to escalate privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation (CAPEC-233)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T12:41:11",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pulse Secure Desktop Client",
"version": {
"version_data": [
{
"version_value": "9.1R9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Pulse Secure Desktop Client (Linux) \u003c 9.1R9 could allow local attackers to escalate privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation (CAPEC-233)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
"refsource": "MISC",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8250",
"datePublished": "2020-10-28T12:41:11",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:56:28.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8254
Vulnerability from cvelistv5
Published
2020-10-28 12:46
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):Disable Dynamic certificate trust for PDC.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Pulse Secure Desktop Client |
Version: 9.1R9 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:27.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pulse Secure Desktop Client",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "9.1R9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Pulse Secure Desktop Client \u003c 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):Disable Dynamic certificate trust for PDC."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "Relative Path Traversal (CWE-23)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T12:46:28",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pulse Secure Desktop Client",
"version": {
"version_data": [
{
"version_value": "9.1R9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Pulse Secure Desktop Client \u003c 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):Disable Dynamic certificate trust for PDC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Relative Path Traversal (CWE-23)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
"refsource": "MISC",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8254",
"datePublished": "2020-10-28T12:46:28",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:56:27.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8260
Vulnerability from cvelistv5
Published
2020-10-28 12:47
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/160619/Pulse-Secure-VPN-Remote-Code-Execution.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Pulse Connect Secure / Pulse Policy Secure |
Version: 9.1R9 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:27.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/160619/Pulse-Secure-VPN-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pulse Connect Secure / Pulse Policy Secure",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "9.1R9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Pulse Connect Secure \u003c 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload of File with Dangerous Type (CWE-434)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-18T20:06:13",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/160619/Pulse-Secure-VPN-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pulse Connect Secure / Pulse Policy Secure",
"version": {
"version_data": [
{
"version_value": "9.1R9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Pulse Connect Secure \u003c 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted Upload of File with Dangerous Type (CWE-434)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
"refsource": "MISC",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"name": "http://packetstormsecurity.com/files/160619/Pulse-Secure-VPN-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/160619/Pulse-Secure-VPN-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8260",
"datePublished": "2020-10-28T12:47:13",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:56:27.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15408
Vulnerability from cvelistv5
Published
2020-07-28 14:59
Modified
2024-08-04 13:15
Severity ?
EPSS score ?
Summary
An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.pulsesecure.net/?atype=sa | x_refsource_MISC | |
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:20.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/?atype=sa"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:N/C:L/I:L/PR:L/S:U/UI:R",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-28T14:59:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.pulsesecure.net/?atype=sa"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:N/C:L/I:L/PR:L/S:U/UI:R",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.pulsesecure.net/?atype=sa",
"refsource": "MISC",
"url": "https://kb.pulsesecure.net/?atype=sa"
},
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15408",
"datePublished": "2020-07-28T14:59:21",
"dateReserved": "2020-06-30T00:00:00",
"dateUpdated": "2024-08-04T13:15:20.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-06-28 18:15
Modified
2024-11-21 04:02
Severity ?
Summary
An information exposure issue where IPv6 DNS traffic would be sent outside of the VPN tunnel (when Traffic Enforcement was enabled) exists in Pulse Secure Pulse Secure Desktop 9.0R1 and below. This is applicable only to dual-stack (IPv4/IPv6) endpoints.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:4.0:r1.0:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "F6FEAC7A-DC46-4334-B631-BB5DDD28D7EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:4.0:r10.0:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "478845B1-EB76-4E26-BC63-983FD0C81302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:4.0:r11.0:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "5888F242-DD03-4452-A16D-63AE9F2F3C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:4.0:r11.1:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "8AD8B7C8-5BBB-421A-A4D3-CD8E6BA2FD6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:4.0:r12.0:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "5EF0D642-D3CC-43D6-8C3B-DEF74598B849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:4.0:r13.0:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "4E2DD454-6B88-4831-84C8-5C220D4B2535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:4.0:r2.0:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "2CA76304-E77F-40FB-94AE-7FAB05E8898D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:4.0:r3.0:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "0B96B4E1-B80C-4D71-A7CF-8465A1B9EE84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:4.0:r4.0:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "733ACB57-E4B2-4E2E-A21D-E007FA118327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:4.0:r5.0:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "3154F445-7DE0-4E14-8F4F-291B12AC49E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:4.0:r6.0:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "6E5E8C37-B618-4E2C-AAB7-8A417BCB10B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:4.0:r7.0:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "E7D60E02-F823-4898-A7F8-76763192115F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:4.0:r8.0:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "8D7BF91F-67EA-4F22-9A72-455E89C9EF63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:4.0:r9.0:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "BC88C4B6-763E-4BD2-8F4A-A1BD10EF789B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:4.0:r9.1:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "2C6939F9-1822-43A2-8603-75E64D445CAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:4.0:r9.2:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "A24A6C6D-432A-4883-A208-AC2EA1704977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1:r1.0:*:*:*:macos:*:*",
"matchCriteriaId": "053DFC37-B75B-410B-8C8F-29B2F05B3A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1:r1.1:*:*:*:macos:*:*",
"matchCriteriaId": "E7720FB6-CE48-4BC2-A9BF-FC6584F2E859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1:r10.0:*:*:*:macos:*:*",
"matchCriteriaId": "AA15F6D3-5768-4246-B299-3DB71B22DCB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1:r11.0:*:*:*:macos:*:*",
"matchCriteriaId": "220B3F40-7087-4DDE-B9BC-C7C30A37BDA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1:r11.1:*:*:*:macos:*:*",
"matchCriteriaId": "9C8FA812-6F71-4397-980A-AE1E215F8B49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1:r12.0:*:*:*:macos:*:*",
"matchCriteriaId": "4EB94E2D-8601-4107-9294-57359FD80382",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1:r13.0:*:*:*:macos:*:*",
"matchCriteriaId": "BCFDE7A5-545B-4993-B01E-B658C27D39BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1:r14.0:*:*:*:macos:*:*",
"matchCriteriaId": "6A61B224-89FB-4493-87D6-284ABDB0B168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1:r2.0:*:*:*:macos:*:*",
"matchCriteriaId": "0E870F9B-80CF-4750-9AD6-05102B212179",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1:r3.0:*:*:*:macos:*:*",
"matchCriteriaId": "193FD9D7-0EE6-44FE-9D52-1F73BF3F09F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1:r3.1:*:*:*:macos:*:*",
"matchCriteriaId": "DBFFF1C0-97D1-448F-B61B-9DEA7A0B6F0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1:r4.0:*:*:*:macos:*:*",
"matchCriteriaId": "3C0A57F1-4C29-4A2F-A07D-E0F1CAB49AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1:r5.1:*:*:*:macos:*:*",
"matchCriteriaId": "C07FA018-8BA9-4EB6-AED4-71BD041BB17C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1:r6.0:*:*:*:macos:*:*",
"matchCriteriaId": "70891236-B587-429C-8662-17C89FBC5A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1:r7.0:*:*:*:macos:*:*",
"matchCriteriaId": "30A98DE4-A9FB-459B-B9C9-82B39755D202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1:r8.0:*:*:*:macos:*:*",
"matchCriteriaId": "71DD19B3-19E8-4370-AE16-2768BF99AD5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1:r9.0:*:*:*:macos:*:*",
"matchCriteriaId": "F9593E2D-37E8-441A-8DD0-B54D7F7450EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1:r9.1:*:*:*:macos:*:*",
"matchCriteriaId": "41B3306E-DF2E-4290-9CEF-B390EAEF1613",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r:3.2:*:*:*:macos:*:*",
"matchCriteriaId": "10EA7C78-01D5-4FD5-BED9-9BE2ED6CFB62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r:5.0:*:*:*:macos:*:*",
"matchCriteriaId": "F3630DC6-E573-464E-8998-CAED241C66A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r1:*:*:*:macos:*:*",
"matchCriteriaId": "05F11D9B-5D48-4458-A538-000E514ADB07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r1.1:*:*:*:macos:*:*",
"matchCriteriaId": "24DEA646-6F9A-4A34-9FC3-2BD4044FE49D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r2:*:*:*:macos:*:*",
"matchCriteriaId": "8D173E98-823F-42B7-8175-5D1530B2C4A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r3:*:*:*:macos:*:*",
"matchCriteriaId": "6E18D76D-36C3-47E4-A510-1E0D14C9FDFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r4:*:*:*:macos:*:*",
"matchCriteriaId": "477BE870-ED64-4B86-9379-27BEC443FDF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r4.1:*:*:*:macos:*:*",
"matchCriteriaId": "F6F67A14-544D-4613-A016-C538ABA61051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r4.2:*:*:*:macos:*:*",
"matchCriteriaId": "42808ADA-F28D-4861-AA02-457D355F5959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r5:*:*:*:macos:*:*",
"matchCriteriaId": "B8596020-8A36-441F-BC49-97AEF89E2320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r5.2:*:*:*:macos:*:*",
"matchCriteriaId": "314B227A-A368-40D8-98C2-17C771ABDA08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r6:*:*:*:macos:*:*",
"matchCriteriaId": "306CC768-4C7A-443E-9193-423B9269CF0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r7:*:*:*:macos:*:*",
"matchCriteriaId": "3A33BEE3-3BA3-47B8-A71D-F1AAD153E798",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r1:*:*:*:macos:*:*",
"matchCriteriaId": "9EF60FD2-060C-456D-A737-E27097C2F021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r2:*:*:*:macos:*:*",
"matchCriteriaId": "01FF161B-A5D0-4F70-922F-D8BABEE1780F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r2.1:*:*:*:macos:*:*",
"matchCriteriaId": "D42A0430-607B-49E7-A7F5-2C7AD8F3ED9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r3:*:*:*:macos:*:*",
"matchCriteriaId": "B8CA2E37-99C9-4E86-8808-04C7957CEEF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r3.2:*:*:*:macos:*:*",
"matchCriteriaId": "2208338F-6193-41BA-AA5F-9F8F49576AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r4:*:*:*:macos:*:*",
"matchCriteriaId": "8200F10B-D6C9-49D9-BEBB-5174A5CF758A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information exposure issue where IPv6 DNS traffic would be sent outside of the VPN tunnel (when Traffic Enforcement was enabled) exists in Pulse Secure Pulse Secure Desktop 9.0R1 and below. This is applicable only to dual-stack (IPv4/IPv6) endpoints."
},
{
"lang": "es",
"value": "Existe un problema de exposici\u00f3n a la informaci\u00f3n donde el tr\u00e1fico DNS de IPv6 se enviar\u00eda fuera del t\u00fanel VPN (cuando se habilit\u00f3 la aplicaci\u00f3n de tr\u00e1fico) en Pulse Secure Pulse Secure Desktop 9.0R1 e inferior. Esto se aplica solo a los puntos finales de doble pila (IPv4 / IPv6)."
}
],
"id": "CVE-2018-20812",
"lastModified": "2024-11-21T04:02:14.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-28T18:15:11.143",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-06 23:29
Modified
2024-11-21 03:51
Severity ?
Summary
The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r1.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "4D0CF4B3-154A-485A-BB92-74682A736EF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r1.1:*:*:*:*:macos:*:*",
"matchCriteriaId": "8E245558-52E6-4F7F-B364-46D93BBE45B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r2.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "423103BF-B95E-4B79-91CF-33CE85FC2267",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r3.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "0C8F43F0-4CE8-4DD9-8DCE-8B9C5E4C0A85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r3.1:*:*:*:*:macos:*:*",
"matchCriteriaId": "77BEF4E1-195A-4EEC-864D-3B6998A6325B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r3.2:*:*:*:*:macos:*:*",
"matchCriteriaId": "97B6D2CB-55C7-43D1-8000-81AEB7F655E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r4.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "C0FE0E2D-5B8F-406B-B564-B8D226F661FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r5.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "8E30A2C5-58FC-4E51-8B44-D823A563946A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r5.1:*:*:*:*:macos:*:*",
"matchCriteriaId": "13D077B9-5D87-4053-A41C-9D25C6FCD58E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r6.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "617C012E-FAB8-4745-9BCF-83CB3F88A6E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r7.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "BE2CA798-CC59-4095-865E-3F7011F8D299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r8.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "6CB337B2-50E6-4C36-AEC9-06D86520E602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r9.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "8C0A9500-504C-4BF8-BC04-6DCB97DA154F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r9.1:*:*:*:*:macos:*:*",
"matchCriteriaId": "DFBF3F18-BDF1-4B05-847D-0CC8EEB93E5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r10.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "77F46AD5-FE27-45D1-BEFB-8200C5F73872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1rx:*:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "DA46F34C-D717-411A-A0C2-687074457A42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r1:*:*:*:*:macos:*:*",
"matchCriteriaId": "D82F2294-E7C5-4F67-A07A-4270B2F34C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r1.1:*:*:*:*:macos:*:*",
"matchCriteriaId": "75441DFF-D08C-4DAA-89C0-183A639DB317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r2:*:*:*:*:macos:*:*",
"matchCriteriaId": "F692C2C0-50E6-4DD4-A417-CF9717064E65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r3:*:*:*:*:macos:*:*",
"matchCriteriaId": "E5C771CC-EA62-48CE-B0B1-41737DDB3110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r4:*:*:*:*:macos:*:*",
"matchCriteriaId": "1A46D6DE-4881-480A-88F7-58307387E97F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r4.1:*:*:*:*:macos:*:*",
"matchCriteriaId": "94A8DBBC-D706-464C-BDE2-48ADECB9E0CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r4.2:*:*:*:*:macos:*:*",
"matchCriteriaId": "56533B57-8F44-4918-937B-0F5D9C61B785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r5:*:*:*:*:macos:*:*",
"matchCriteriaId": "84EFC8CD-F967-4DA6-894B-854B206D8D4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r5.2:*:*:*:*:macos:*:*",
"matchCriteriaId": "9739E758-42AC-4497-8406-98DE74CE0F9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerability."
},
{
"lang": "es",
"value": "Pulse Secure Desktop (macOS) tiene una vulnerabilidad de escalada de privilegios."
}
],
"id": "CVE-2018-15865",
"lastModified": "2024-11-21T03:51:36.417",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-06T23:29:00.803",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-28 13:15
Modified
2024-11-21 05:38
Severity ?
Summary
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "87BF5FC6-3D85-4C88-AD32-23A1BB4975A8",
"versionEndExcluding": "9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:-:*:*:*:linux:*:*",
"matchCriteriaId": "E758965F-26DB-4EDC-93E6-F070B977E92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r1:*:*:*:linux:*:*",
"matchCriteriaId": "524B043E-80B3-4E60-BDDB-55A29A04DA1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r2:*:*:*:linux:*:*",
"matchCriteriaId": "1E79BF74-D489-4A8D-8135-E5427D43DE2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3:*:*:*:linux:*:*",
"matchCriteriaId": "71C518EF-BFF6-41EE-A696-311E6EB3C17D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3.1:*:*:*:linux:*:*",
"matchCriteriaId": "B0840530-B0F7-4BBA-BC55-4BF2C2D59DF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4:*:*:*:linux:*:*",
"matchCriteriaId": "6F98E7F0-6D2D-4238-BABF-15841BE32605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.1:*:*:*:linux:*:*",
"matchCriteriaId": "EB616A5D-8B22-4C0D-8E09-073B4778430E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.2:*:*:*:linux:*:*",
"matchCriteriaId": "40E3E61D-0716-408A-BBF6-6336FED8F618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r5:*:*:*:linux:*:*",
"matchCriteriaId": "3F066817-5364-47F5-9211-9F4FDD958BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r6:*:*:*:linux:*:*",
"matchCriteriaId": "661A0EB6-4CCC-4744-B0E9-81A0E3E2BB37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7:*:*:*:linux:*:*",
"matchCriteriaId": "CEB6A361-FD3C-4263-92E2-B2DBCDE20674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7.1:*:*:*:linux:*:*",
"matchCriteriaId": "5C64CBA6-AAD2-4151-BE72-4F68934D94BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8:*:*:*:linux:*:*",
"matchCriteriaId": "8BAFB239-5C78-4F3D-9CDA-D67A74B2AF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8.2:*:*:*:linux:*:*",
"matchCriteriaId": "7A0DDA55-66D2-43A1-AEB2-26192150DC83",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Pulse Secure Desktop Client (Linux) \u003c 9.1R9 could allow local attackers to escalate privilege."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Pulse Secure Desktop Client (Linux) versiones anteriores a 9.1R9, podr\u00eda permitir a atacantes locales escalar privilegios"
}
],
"id": "CVE-2020-8250",
"lastModified": "2024-11-21T05:38:35.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-28T13:15:12.650",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-29 16:29
Modified
2024-11-21 03:42
Severity ?
Summary
Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/106054 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.themissinglink.com.au/security-advisories-cve-2017-16878-0 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106054 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.themissinglink.com.au/security-advisories-cve-2017-16878-0 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pulsesecure | pulse_secure_desktop_client | 5.3r1 | |
| pulsesecure | pulse_secure_desktop_client | 5.3r1.1 | |
| pulsesecure | pulse_secure_desktop_client | 5.3r2 | |
| pulsesecure | pulse_secure_desktop_client | 5.3r3 | |
| pulsesecure | pulse_secure_desktop_client | 5.3r4 | |
| pulsesecure | pulse_secure_desktop_client | 5.3r4.1 | |
| pulsesecure | pulse_secure_desktop_client | 5.3r4.2 | |
| pulsesecure | pulse_secure_desktop_client | 5.3r5 | |
| pulsesecure | pulse_secure_desktop_client | 5.3r5.2 | |
| pulsesecure | pulse_secure_desktop_client | 5.3r6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r1:*:*:*:*:windows:*:*",
"matchCriteriaId": "CEFC320A-C766-4CDB-821F-38E7BCD29A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r1.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "2FFEC469-631A-46CB-A8E1-D40EAD13723A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r2:*:*:*:*:windows:*:*",
"matchCriteriaId": "E35C87D3-AA3F-458E-917C-9A26A207150A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r3:*:*:*:*:windows:*:*",
"matchCriteriaId": "F2413F85-C9AD-4DB1-967F-D9F32EFE278E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r4:*:*:*:*:windows:*:*",
"matchCriteriaId": "7E5335AC-D908-42C1-94EE-5DD99DE1E26B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r4.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "B2CD2EEC-8CFB-48C1-9412-9DFA7692466E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r4.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "DAADB2AC-95A0-43F3-B966-AC57FFEE203D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r5:*:*:*:*:windows:*:*",
"matchCriteriaId": "423D3FE6-ACB4-43AC-8B05-624DE78CF4FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r5.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "13CEC426-F457-4084-B788-688719DBF1C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r6:*:*:*:*:windows:*:*",
"matchCriteriaId": "EEAD2760-513D-475B-9F1E-4C4CB1484D6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions."
},
{
"lang": "es",
"value": "Pulse Secure Desktop Client desde la versi\u00f3n 5.3 hasta la R6.0 build 1769 en Windows tiene permisos no seguros."
}
],
"id": "CVE-2018-11002",
"lastModified": "2024-11-21T03:42:28.247",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-29T16:29:00.277",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106054"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories-cve-2017-16878-0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories-cve-2017-16878-0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-28 13:15
Modified
2024-11-21 05:38
Severity ?
Summary
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F3BBCA2A-A964-4B88-84D2-09199D7830D2",
"versionEndExcluding": "9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r1:*:*:*:windows:*:*",
"matchCriteriaId": "5D8D50A3-4BCA-424C-80A6-FB748505E322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r2:*:*:*:windows:*:*",
"matchCriteriaId": "4582A0E1-A8CE-41F1-B66B-093B6A6B0C5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3:*:*:*:windows:*:*",
"matchCriteriaId": "E752E4C2-30CB-46D1-A785-49EDF2A15248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3.1:*:*:*:windows:*:*",
"matchCriteriaId": "75017203-FA52-4C5D-9B9C-E38F26852BB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4:*:*:*:windows:*:*",
"matchCriteriaId": "C6460E3E-758A-41AC-A1A3-7288B5030C0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.1:*:*:*:windows:*:*",
"matchCriteriaId": "D16AD2E8-9C7D-4EA2-8AF1-881546E97D75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.2:*:*:*:windows:*:*",
"matchCriteriaId": "FFB49374-0F24-41BA-BC44-51DC22D27B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r5:*:*:*:windows:*:*",
"matchCriteriaId": "3996F908-D6EE-461B-8A2B-BF2FD94BB776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r6:*:*:*:windows:*:*",
"matchCriteriaId": "F51DF92D-EEEC-4F2D-902C-6084201CAF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7:*:*:*:windows:*:*",
"matchCriteriaId": "A502DBE4-F14E-4115-8AFE-12D47AEAFEF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7.1:*:*:*:windows:*:*",
"matchCriteriaId": "EC134B99-2DDE-43F1-9808-A4AC4FDD943E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8:*:*:*:windows:*:*",
"matchCriteriaId": "A34AEAC3-082E-4EA3-B46B-782F11053F15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8.2:*:*:*:windows:*:*",
"matchCriteriaId": "32465036-9876-4AAD-86A0-C5503C0C55F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Pulse Secure Desktop Client \u003c 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Pulse Secure Desktop Client versiones anteriores a 9.1R9, permite que un usuario restringido en una m\u00e1quina endpoint pueda usar privilegios de nivel system si el Embedded Browser est\u00e1 configurado con Credential Provider.\u0026#xa0;Esta vulnerabilidad solo afecta Windows PDC si el Embedded Browser est\u00e1 configurado con el Credential Provider"
}
],
"id": "CVE-2020-8240",
"lastModified": "2024-11-21T05:38:34.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-28T13:15:12.387",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-28 13:15
Modified
2024-11-21 05:38
Severity ?
Summary
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | http://packetstormsecurity.com/files/160619/Pulse-Secure-VPN-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| support@hackerone.com | https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/160619/Pulse-Secure-VPN-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 | Vendor Advisory |
Impacted products
{
"cisaActionDue": "2021-04-23",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Ivanti Pulse Connect Secure Code Execution Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "87BF5FC6-3D85-4C88-AD32-23A1BB4975A8",
"versionEndExcluding": "9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:-:*:*:*:linux:*:*",
"matchCriteriaId": "E758965F-26DB-4EDC-93E6-F070B977E92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r1:*:*:*:linux:*:*",
"matchCriteriaId": "524B043E-80B3-4E60-BDDB-55A29A04DA1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r2:*:*:*:linux:*:*",
"matchCriteriaId": "1E79BF74-D489-4A8D-8135-E5427D43DE2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3:*:*:*:linux:*:*",
"matchCriteriaId": "71C518EF-BFF6-41EE-A696-311E6EB3C17D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3.1:*:*:*:linux:*:*",
"matchCriteriaId": "B0840530-B0F7-4BBA-BC55-4BF2C2D59DF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4:*:*:*:linux:*:*",
"matchCriteriaId": "6F98E7F0-6D2D-4238-BABF-15841BE32605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.1:*:*:*:linux:*:*",
"matchCriteriaId": "EB616A5D-8B22-4C0D-8E09-073B4778430E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.2:*:*:*:linux:*:*",
"matchCriteriaId": "40E3E61D-0716-408A-BBF6-6336FED8F618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r5:*:*:*:linux:*:*",
"matchCriteriaId": "3F066817-5364-47F5-9211-9F4FDD958BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r6:*:*:*:linux:*:*",
"matchCriteriaId": "661A0EB6-4CCC-4744-B0E9-81A0E3E2BB37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7:*:*:*:linux:*:*",
"matchCriteriaId": "CEB6A361-FD3C-4263-92E2-B2DBCDE20674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7.1:*:*:*:linux:*:*",
"matchCriteriaId": "5C64CBA6-AAD2-4151-BE72-4F68934D94BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8:*:*:*:linux:*:*",
"matchCriteriaId": "8BAFB239-5C78-4F3D-9CDA-D67A74B2AF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8.2:*:*:*:linux:*:*",
"matchCriteriaId": "7A0DDA55-66D2-43A1-AEB2-26192150DC83",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Pulse Connect Secure \u003c 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz web de administraci\u00f3n en Pulse Connect Secure versiones anteriores a 9.1R9, podr\u00eda permitir a un atacante autenticado llevar a cabo una ejecuci\u00f3n de c\u00f3digo arbitraria usando una extracci\u00f3n gzip no controlada"
}
],
"id": "CVE-2020-8260",
"lastModified": "2024-11-21T05:38:36.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-28T13:15:13.027",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/160619/Pulse-Secure-VPN-Remote-Code-Execution.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/160619/Pulse-Secure-VPN-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-06 23:29
Modified
2024-11-21 03:52
Severity ?
Summary
In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pulsesecure | pulse_secure_desktop_client | 5.3r1 | |
| pulsesecure | pulse_secure_desktop_client | 5.3r1.1 | |
| pulsesecure | pulse_secure_desktop_client | 5.3r2 | |
| pulsesecure | pulse_secure_desktop_client | 5.3r3 | |
| pulsesecure | pulse_secure_desktop_client | 5.3r4 | |
| pulsesecure | pulse_secure_desktop_client | 5.3r4.1 | |
| pulsesecure | pulse_secure_desktop_client | 5.3r4.2 | |
| pulsesecure | pulse_secure_desktop_client | 5.3rx | |
| pulsesecure | pulse_secure_desktop_client | 9.0r1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r1:*:*:*:*:windows:*:*",
"matchCriteriaId": "CEFC320A-C766-4CDB-821F-38E7BCD29A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r1.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "2FFEC469-631A-46CB-A8E1-D40EAD13723A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r2:*:*:*:*:windows:*:*",
"matchCriteriaId": "E35C87D3-AA3F-458E-917C-9A26A207150A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r3:*:*:*:*:windows:*:*",
"matchCriteriaId": "F2413F85-C9AD-4DB1-967F-D9F32EFE278E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r4:*:*:*:*:windows:*:*",
"matchCriteriaId": "7E5335AC-D908-42C1-94EE-5DD99DE1E26B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r4.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "B2CD2EEC-8CFB-48C1-9412-9DFA7692466E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r4.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "DAADB2AC-95A0-43F3-B966-AC57FFEE203D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3rx:*:*:*:*:windows:*:*",
"matchCriteriaId": "7F68A04B-BA9D-424C-AC3C-FAC4D6993574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0r1:*:*:*:*:windows:*:*",
"matchCriteriaId": "EB0E7AF2-F7B3-4C1E-9ADC-807BCAB3CA78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust."
},
{
"lang": "es",
"value": "Pulse Secure Pulse Desktop Client, en versiones 5.3RX anteriores a la 5.3R5 y versi\u00f3n 9.0R1, tiene una vulnerabilidad de escalada de privilegios con Dynamic Certificate Trust."
}
],
"id": "CVE-2018-16261",
"lastModified": "2024-11-21T03:52:24.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-06T23:29:01.083",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-12 15:29
Modified
2024-11-21 04:20
Severity ?
Summary
In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. (The endpoint would need to be already compromised for exploitation to succeed.) This affects Pulse Desktop Client 5.x before Secure Desktop 5.3R7 and Pulse Desktop Client 9.x before Secure Desktop 9.0R3. It also affects (for Network Connect customers) Pulse Connect Secure 8.1 before 8.1R14, 8.3 before 8.3R7, and 9.0 before 9.0R3.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114 | Vendor Advisory | |
| cve@mitre.org | https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114/ | Vendor Advisory | |
| cve@mitre.org | https://www.kb.cert.org/vuls/id/192371 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/192371 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ivanti | connect_secure | * | |
| pulsesecure | pulse_connect_secure | * | |
| pulsesecure | pulse_connect_secure | * | |
| pulsesecure | pulse_secure_desktop_client | * | |
| pulsesecure | pulse_secure_desktop_client | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28C2FF1B-EFAD-4DAE-B6A0-F116D3352F73",
"versionEndExcluding": "9.0r3",
"versionStartIncluding": "9.0r1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4327BA6A-8DE3-4DFD-99F2-BF1341389963",
"versionEndIncluding": "8.1r14.0",
"versionStartIncluding": "8.1r1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A563F427-C781-4FA4-BAE9-B8D9FE345E61",
"versionEndExcluding": "8.3r7",
"versionStartIncluding": "8.3r1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "854EDA08-BE02-4E8D-AE7D-3B6C3B9B3CF0",
"versionEndExcluding": "5.3r7",
"versionStartIncluding": "5.0r1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "265AC18D-20CC-4835-A864-3B14BC00D02C",
"versionEndExcluding": "9.0r3",
"versionStartIncluding": "9.0r1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. (The endpoint would need to be already compromised for exploitation to succeed.) This affects Pulse Desktop Client 5.x before Secure Desktop 5.3R7 and Pulse Desktop Client 9.x before Secure Desktop 9.0R3. It also affects (for Network Connect customers) Pulse Connect Secure 8.1 before 8.1R14, 8.3 before 8.3R7, and 9.0 before 9.0R3."
},
{
"lang": "es",
"value": "En Pulse Secure Pulse Desktop Client y Network Connect, un atacante podr\u00eda acceder a los tokens de sesi\u00f3n para responder y suplantar sesiones, y , como resultado, obtener acceso no autorizado como usuario final, un problema relacionado con el identificador CVE-2019-1573. (El endpoint tendr\u00eda que estar ya comprometido para que la explotaci\u00f3n tenga \u00e9xito.) Esto afecta a Pulse Desktop Client 5.x anterior a Secure Desktop 5.3R7 y a Pulse Desktop Client 9.x anterior a Secure Desktop 9.0R3. Tambi\u00e9n afecta (para clientes Network Connect) a Pulse Connect Secure 8.1 anterior a 8.1R14, 8.3 anterior a 8.3R7, y 9.0 anterior a 9.0R3."
}
],
"id": "CVE-2019-11213",
"lastModified": "2024-11-21T04:20:44.373",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-12T15:29:00.230",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/192371"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/192371"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-28 13:15
Modified
2024-11-21 05:38
Severity ?
Summary
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):Disable Dynamic certificate trust for PDC.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F3BBCA2A-A964-4B88-84D2-09199D7830D2",
"versionEndExcluding": "9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r1:*:*:*:windows:*:*",
"matchCriteriaId": "5D8D50A3-4BCA-424C-80A6-FB748505E322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r2:*:*:*:windows:*:*",
"matchCriteriaId": "4582A0E1-A8CE-41F1-B66B-093B6A6B0C5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3:*:*:*:windows:*:*",
"matchCriteriaId": "E752E4C2-30CB-46D1-A785-49EDF2A15248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3.1:*:*:*:windows:*:*",
"matchCriteriaId": "75017203-FA52-4C5D-9B9C-E38F26852BB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4:*:*:*:windows:*:*",
"matchCriteriaId": "C6460E3E-758A-41AC-A1A3-7288B5030C0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.1:*:*:*:windows:*:*",
"matchCriteriaId": "D16AD2E8-9C7D-4EA2-8AF1-881546E97D75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.2:*:*:*:windows:*:*",
"matchCriteriaId": "FFB49374-0F24-41BA-BC44-51DC22D27B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r5:*:*:*:windows:*:*",
"matchCriteriaId": "3996F908-D6EE-461B-8A2B-BF2FD94BB776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r6:*:*:*:windows:*:*",
"matchCriteriaId": "F51DF92D-EEEC-4F2D-902C-6084201CAF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7:*:*:*:windows:*:*",
"matchCriteriaId": "A502DBE4-F14E-4115-8AFE-12D47AEAFEF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7.1:*:*:*:windows:*:*",
"matchCriteriaId": "EC134B99-2DDE-43F1-9808-A4AC4FDD943E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8:*:*:*:windows:*:*",
"matchCriteriaId": "A34AEAC3-082E-4EA3-B46B-782F11053F15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8.2:*:*:*:windows:*:*",
"matchCriteriaId": "32465036-9876-4AAD-86A0-C5503C0C55F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Pulse Secure Desktop Client \u003c 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):Disable Dynamic certificate trust for PDC."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Pulse Secure Desktop Client versiones anteriores a 9.1R9, presenta una Ejecuci\u00f3n de C\u00f3digo Remota (RCE) si usuarios pueden ser convencidos a conectarse a un servidor malicioso.\u0026#xa0;Esta vulnerabilidad solo afecta a Windows PDC. Para mejorar la seguridad de las conexiones entre los clientes Pulse y Pulse Connect Secure, v\u00e9ase la(s) siguiente(s) recomendaci\u00f3n(es): Deshabilite el certificado confiable din\u00e1mico para PDC"
}
],
"id": "CVE-2020-8254",
"lastModified": "2024-11-21T05:38:35.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-28T13:15:12.747",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-23"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-28 13:15
Modified
2024-11-21 05:38
Severity ?
Summary
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "87BF5FC6-3D85-4C88-AD32-23A1BB4975A8",
"versionEndExcluding": "9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r1:*:*:*:linux:*:*",
"matchCriteriaId": "524B043E-80B3-4E60-BDDB-55A29A04DA1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r2:*:*:*:linux:*:*",
"matchCriteriaId": "1E79BF74-D489-4A8D-8135-E5427D43DE2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3:*:*:*:linux:*:*",
"matchCriteriaId": "71C518EF-BFF6-41EE-A696-311E6EB3C17D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3.1:*:*:*:linux:*:*",
"matchCriteriaId": "B0840530-B0F7-4BBA-BC55-4BF2C2D59DF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4:*:*:*:linux:*:*",
"matchCriteriaId": "6F98E7F0-6D2D-4238-BABF-15841BE32605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.1:*:*:*:linux:*:*",
"matchCriteriaId": "EB616A5D-8B22-4C0D-8E09-073B4778430E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.2:*:*:*:linux:*:*",
"matchCriteriaId": "40E3E61D-0716-408A-BBF6-6336FED8F618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r5:*:*:*:linux:*:*",
"matchCriteriaId": "3F066817-5364-47F5-9211-9F4FDD958BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r6:*:*:*:linux:*:*",
"matchCriteriaId": "661A0EB6-4CCC-4744-B0E9-81A0E3E2BB37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7:*:*:*:linux:*:*",
"matchCriteriaId": "CEB6A361-FD3C-4263-92E2-B2DBCDE20674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7.1:*:*:*:linux:*:*",
"matchCriteriaId": "5C64CBA6-AAD2-4151-BE72-4F68934D94BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8:*:*:*:linux:*:*",
"matchCriteriaId": "8BAFB239-5C78-4F3D-9CDA-D67A74B2AF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8.2:*:*:*:linux:*:*",
"matchCriteriaId": "7A0DDA55-66D2-43A1-AEB2-26192150DC83",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Pulse Secure Desktop Client \u003c 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Pulse Secure Desktop Client versiones anteriores a 9.1R9, podr\u00eda permitir a un atacante llevar a cabo un ataque MITM si los usuarios finales con convencidos de conectarse a un servidor malicioso"
}
],
"id": "CVE-2020-8241",
"lastModified": "2024-11-21T05:38:34.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-28T13:15:12.447",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-28 13:15
Modified
2024-11-21 05:38
Severity ?
Summary
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "87BF5FC6-3D85-4C88-AD32-23A1BB4975A8",
"versionEndExcluding": "9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:-:*:*:*:linux:*:*",
"matchCriteriaId": "E758965F-26DB-4EDC-93E6-F070B977E92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r1:*:*:*:linux:*:*",
"matchCriteriaId": "524B043E-80B3-4E60-BDDB-55A29A04DA1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r2:*:*:*:linux:*:*",
"matchCriteriaId": "1E79BF74-D489-4A8D-8135-E5427D43DE2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3:*:*:*:linux:*:*",
"matchCriteriaId": "71C518EF-BFF6-41EE-A696-311E6EB3C17D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3.1:*:*:*:linux:*:*",
"matchCriteriaId": "B0840530-B0F7-4BBA-BC55-4BF2C2D59DF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4:*:*:*:linux:*:*",
"matchCriteriaId": "6F98E7F0-6D2D-4238-BABF-15841BE32605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.1:*:*:*:linux:*:*",
"matchCriteriaId": "EB616A5D-8B22-4C0D-8E09-073B4778430E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.2:*:*:*:linux:*:*",
"matchCriteriaId": "40E3E61D-0716-408A-BBF6-6336FED8F618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r5:*:*:*:linux:*:*",
"matchCriteriaId": "3F066817-5364-47F5-9211-9F4FDD958BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r6:*:*:*:linux:*:*",
"matchCriteriaId": "661A0EB6-4CCC-4744-B0E9-81A0E3E2BB37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7:*:*:*:linux:*:*",
"matchCriteriaId": "CEB6A361-FD3C-4263-92E2-B2DBCDE20674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7.1:*:*:*:linux:*:*",
"matchCriteriaId": "5C64CBA6-AAD2-4151-BE72-4F68934D94BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8:*:*:*:linux:*:*",
"matchCriteriaId": "8BAFB239-5C78-4F3D-9CDA-D67A74B2AF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8.2:*:*:*:linux:*:*",
"matchCriteriaId": "7A0DDA55-66D2-43A1-AEB2-26192150DC83",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Pulse Connect Secure \u003c 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz web de administraci\u00f3n Pulse Connect Secure versiones anteriores a 9.1R9, podr\u00eda permitir a un atacante autenticado llevar a cabo una lectura de archivos arbitraria. La vulnerabilidad es corregida usando blacklisting de URL cifrada que impiden estos mensajes"
}
],
"id": "CVE-2020-8255",
"lastModified": "2024-11-21T05:38:36.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-28T13:15:12.963",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-28 13:15
Modified
2024-11-21 05:38
Severity ?
Summary
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "87BF5FC6-3D85-4C88-AD32-23A1BB4975A8",
"versionEndExcluding": "9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r1:*:*:*:linux:*:*",
"matchCriteriaId": "524B043E-80B3-4E60-BDDB-55A29A04DA1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r2:*:*:*:linux:*:*",
"matchCriteriaId": "1E79BF74-D489-4A8D-8135-E5427D43DE2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3:*:*:*:linux:*:*",
"matchCriteriaId": "71C518EF-BFF6-41EE-A696-311E6EB3C17D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3.1:*:*:*:linux:*:*",
"matchCriteriaId": "B0840530-B0F7-4BBA-BC55-4BF2C2D59DF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4:*:*:*:linux:*:*",
"matchCriteriaId": "6F98E7F0-6D2D-4238-BABF-15841BE32605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.1:*:*:*:linux:*:*",
"matchCriteriaId": "EB616A5D-8B22-4C0D-8E09-073B4778430E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.2:*:*:*:linux:*:*",
"matchCriteriaId": "40E3E61D-0716-408A-BBF6-6336FED8F618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r5:*:*:*:linux:*:*",
"matchCriteriaId": "3F066817-5364-47F5-9211-9F4FDD958BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r6:*:*:*:linux:*:*",
"matchCriteriaId": "661A0EB6-4CCC-4744-B0E9-81A0E3E2BB37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7:*:*:*:linux:*:*",
"matchCriteriaId": "CEB6A361-FD3C-4263-92E2-B2DBCDE20674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7.1:*:*:*:linux:*:*",
"matchCriteriaId": "5C64CBA6-AAD2-4151-BE72-4F68934D94BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8:*:*:*:linux:*:*",
"matchCriteriaId": "8BAFB239-5C78-4F3D-9CDA-D67A74B2AF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8.2:*:*:*:linux:*:*",
"matchCriteriaId": "7A0DDA55-66D2-43A1-AEB2-26192150DC83",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Pulse Secure Desktop Client (Linux) \u003c 9.1R9 could allow local attackers to escalate privilege."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Pulse Secure Desktop Client (Linux) versiones anteriores a 9.1R9, podr\u00eda permitir a atacantes locales escalar privilegios"
}
],
"id": "CVE-2020-8248",
"lastModified": "2024-11-21T05:38:35.213",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-28T13:15:12.527",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-28 13:15
Modified
2024-11-21 05:38
Severity ?
Summary
A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "87BF5FC6-3D85-4C88-AD32-23A1BB4975A8",
"versionEndExcluding": "9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r1:*:*:*:linux:*:*",
"matchCriteriaId": "524B043E-80B3-4E60-BDDB-55A29A04DA1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r2:*:*:*:linux:*:*",
"matchCriteriaId": "1E79BF74-D489-4A8D-8135-E5427D43DE2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3:*:*:*:linux:*:*",
"matchCriteriaId": "71C518EF-BFF6-41EE-A696-311E6EB3C17D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3.1:*:*:*:linux:*:*",
"matchCriteriaId": "B0840530-B0F7-4BBA-BC55-4BF2C2D59DF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4:*:*:*:linux:*:*",
"matchCriteriaId": "6F98E7F0-6D2D-4238-BABF-15841BE32605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.1:*:*:*:linux:*:*",
"matchCriteriaId": "EB616A5D-8B22-4C0D-8E09-073B4778430E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.2:*:*:*:linux:*:*",
"matchCriteriaId": "40E3E61D-0716-408A-BBF6-6336FED8F618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r5:*:*:*:linux:*:*",
"matchCriteriaId": "3F066817-5364-47F5-9211-9F4FDD958BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r6:*:*:*:linux:*:*",
"matchCriteriaId": "661A0EB6-4CCC-4744-B0E9-81A0E3E2BB37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7:*:*:*:linux:*:*",
"matchCriteriaId": "CEB6A361-FD3C-4263-92E2-B2DBCDE20674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7.1:*:*:*:linux:*:*",
"matchCriteriaId": "5C64CBA6-AAD2-4151-BE72-4F68934D94BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8:*:*:*:linux:*:*",
"matchCriteriaId": "8BAFB239-5C78-4F3D-9CDA-D67A74B2AF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8.2:*:*:*:linux:*:*",
"matchCriteriaId": "7A0DDA55-66D2-43A1-AEB2-26192150DC83",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the authenticated user web interface of Pulse Connect Secure \u003c 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de usuario web autenticado de Pulse Connect Secure versiones anteriores a 9.1R9, podr\u00eda permitir a atacantes conducir ataques de tipo Cross-Site Scripting (XSS) por medio del archivo CGI"
}
],
"id": "CVE-2020-8263",
"lastModified": "2024-11-21T05:38:36.913",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-28T13:15:13.293",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-28 15:15
Modified
2024-11-21 05:05
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Summary
An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02C5A1FF-7572-4CB7-81DA-9AE3C867AE67",
"versionEndIncluding": "9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r1.0:*:*:*:*:*:*",
"matchCriteriaId": "FB312AC8-7014-4590-BE8B-ED45CAD0C3E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r2.0:*:*:*:*:*:*",
"matchCriteriaId": "4E2F8098-6EAD-4228-85A5-169964FC7DB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3.0:*:*:*:*:*:*",
"matchCriteriaId": "FC002DB6-8A56-42B0-A4F5-4192A284219C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3.1:*:*:*:*:*:*",
"matchCriteriaId": "F923172E-6078-4467-95DB-CD7384A50110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.0:*:*:*:*:*:*",
"matchCriteriaId": "7053E3B4-913D-4763-96E8-6507E79038D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.1:*:*:*:*:*:*",
"matchCriteriaId": "87587872-2C31-4EC6-85B2-4CD9197C8EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.2:*:*:*:*:*:*",
"matchCriteriaId": "11ABD572-E99A-4F75-95CA-0EAD5D2C8035",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r5.0:*:*:*:*:*:*",
"matchCriteriaId": "37CB0966-A012-4070-9F53-7ABF3866F699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r6.0:*:*:*:*:*:*",
"matchCriteriaId": "09BACF28-BBDB-4896-AF97-1421F3356D01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7.0:*:*:*:*:*:*",
"matchCriteriaId": "AB5A1D0F-FA50-4E31-989B-2B4408D380DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Pulse Secure Pulse Connect Secure versiones anteriores a 9.1R8. Un atacante autenticado puede acceder a la consola de la p\u00e1gina admin por medio de la interfaz web del usuario final debido a una reescritura"
}
],
"id": "CVE-2020-15408",
"lastModified": "2024-11-21T05:05:29.913",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-28T15:15:11.890",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/?atype=sa"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/?atype=sa"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-28 13:15
Modified
2024-11-21 05:38
Severity ?
Summary
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "87BF5FC6-3D85-4C88-AD32-23A1BB4975A8",
"versionEndExcluding": "9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r1:*:*:*:linux:*:*",
"matchCriteriaId": "524B043E-80B3-4E60-BDDB-55A29A04DA1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r2:*:*:*:linux:*:*",
"matchCriteriaId": "1E79BF74-D489-4A8D-8135-E5427D43DE2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3:*:*:*:linux:*:*",
"matchCriteriaId": "71C518EF-BFF6-41EE-A696-311E6EB3C17D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3.1:*:*:*:linux:*:*",
"matchCriteriaId": "B0840530-B0F7-4BBA-BC55-4BF2C2D59DF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4:*:*:*:linux:*:*",
"matchCriteriaId": "6F98E7F0-6D2D-4238-BABF-15841BE32605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.1:*:*:*:linux:*:*",
"matchCriteriaId": "EB616A5D-8B22-4C0D-8E09-073B4778430E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.2:*:*:*:linux:*:*",
"matchCriteriaId": "40E3E61D-0716-408A-BBF6-6336FED8F618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r5:*:*:*:linux:*:*",
"matchCriteriaId": "3F066817-5364-47F5-9211-9F4FDD958BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r6:*:*:*:linux:*:*",
"matchCriteriaId": "661A0EB6-4CCC-4744-B0E9-81A0E3E2BB37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7:*:*:*:linux:*:*",
"matchCriteriaId": "CEB6A361-FD3C-4263-92E2-B2DBCDE20674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7.1:*:*:*:linux:*:*",
"matchCriteriaId": "5C64CBA6-AAD2-4151-BE72-4F68934D94BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8:*:*:*:linux:*:*",
"matchCriteriaId": "8BAFB239-5C78-4F3D-9CDA-D67A74B2AF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8.2:*:*:*:linux:*:*",
"matchCriteriaId": "7A0DDA55-66D2-43A1-AEB2-26192150DC83",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Pulse Secure Desktop Client (Linux) \u003c 9.1R9 could allow local attackers to perform buffer overflow."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Pulse Secure Desktop Client (Linux) versiones anteriores a 9.1R9, podr\u00eda permitir a atacantes locales llevar a cabo un desbordamiento del b\u00fafer"
}
],
"id": "CVE-2020-8249",
"lastModified": "2024-11-21T05:38:35.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-28T13:15:12.590",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-16 20:15
Modified
2024-11-21 05:00
Severity ?
Summary
A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r1.0:*:*:*:windows:*:*",
"matchCriteriaId": "FC05FD06-81E7-48E2-887B-A71EEB68B96C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r1.1:*:*:*:windows:*:*",
"matchCriteriaId": "B7395FE6-4254-4271-986D-14DA838175AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r2.0:*:*:*:windows:*:*",
"matchCriteriaId": "F43B3D72-D466-42EE-A44F-2C0E618046A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r3.0:*:*:*:windows:*:*",
"matchCriteriaId": "819CD1D2-4246-4B5E-BB02-ADDC3E59DA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r4.1:*:*:*:windows:*:*",
"matchCriteriaId": "C71804A0-0D29-4C7A-A3CD-0A85671F2569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r4.2:*:*:*:windows:*:*",
"matchCriteriaId": "71F569FA-A6B0-4F7F-BB30-1D18435D2139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r5.0:*:*:*:windows:*:*",
"matchCriteriaId": "84456124-EE16-415F-B857-A6A6865DDD14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r5.2:*:*:*:windows:*:*",
"matchCriteriaId": "07D603F2-B987-4539-B62B-E503F4A37D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r6.0:*:*:*:windows:*:*",
"matchCriteriaId": "4E1987FB-BC32-4E6E-8F58-BACEE03A182E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r7.0:*:*:*:windows:*:*",
"matchCriteriaId": "4755D673-A0F2-407E-BC4B-DD9D653DE008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r1.0:*:*:*:windows:*:*",
"matchCriteriaId": "5D453E55-2173-486D-9872-3586B72DD707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r2:*:*:*:windows:*:*",
"matchCriteriaId": "D5E28726-946B-4AD5-A94C-674B2EE7C87F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r2.1:*:*:*:windows:*:*",
"matchCriteriaId": "42C0631C-3BCD-428A-B54F-BA1848E1FAF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r3:*:*:*:windows:*:*",
"matchCriteriaId": "18F0D950-61A9-48C7-8B13-66F8BCD807FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r3.2:*:*:*:windows:*:*",
"matchCriteriaId": "C434F090-CC8F-4AE2-B78A-3B9AE8E5FABE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r4:*:*:*:windows:*:*",
"matchCriteriaId": "5589243F-28FA-463E-A4EE-796E341A9C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r4.0:*:*:*:windows:*:*",
"matchCriteriaId": "A82F965F-E64E-4FA7-93E2-9539F0305CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r5.0:*:*:*:windows:*:*",
"matchCriteriaId": "18FA2EB1-C30E-4C21-ACAB-57790B229532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r6.0:*:*:*:windows:*:*",
"matchCriteriaId": "26B93148-966F-4CAE-9866-A56F76ACB2D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r1.0:*:*:*:windows:*:*",
"matchCriteriaId": "F20F27F1-A7D1-43E1-87E1-DB14225B6AE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r2.0:*:*:*:windows:*:*",
"matchCriteriaId": "754FA0D5-7EB7-40EE-8B01-4F199C1C2F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3.0:*:*:*:windows:*:*",
"matchCriteriaId": "BE5AB91A-ECB4-4325-ACB1-E0EE2DD58E1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3.1:*:*:*:windows:*:*",
"matchCriteriaId": "75017203-FA52-4C5D-9B9C-E38F26852BB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.0:*:*:*:windows:*:*",
"matchCriteriaId": "88BD9C9A-AFD3-40D5-B01D-C45EA5FFC3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.1:*:*:*:windows:*:*",
"matchCriteriaId": "D16AD2E8-9C7D-4EA2-8AF1-881546E97D75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.2:*:*:*:windows:*:*",
"matchCriteriaId": "FFB49374-0F24-41BA-BC44-51DC22D27B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r5.0:*:*:*:windows:*:*",
"matchCriteriaId": "495D15BC-1721-47FF-AE65-C738989AE8E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r6.0:*:*:*:windows:*:*",
"matchCriteriaId": "95FBACD3-EE26-406D-8D93-BF002DB08F16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7.0:*:*:*:windows:*:*",
"matchCriteriaId": "AAA0F785-EF43-4E4A-BC29-6D98AA70EF8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_installer_service:8.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "28CA5CFF-88C2-4FB8-8803-428E2CD7E30F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_installer_service:9.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "F54BB7FC-5904-4A0E-A997-F93FF647882B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_installer_service:9.1:r5.0:*:*:*:windows:*:*",
"matchCriteriaId": "A39B2448-57FB-4407-AE46-F50CEB4F8709",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo time-of-check time-of-use en el archivo PulseSecureService.exe en Pulse Secure Client versiones anteriores a 9.1.6 hasta 5.3 R70 para Windows (que se ejecuta como NT AUTHORITY/SYSTEM), permite a los usuarios sin privilegios correr un ejecutable de Microsoft Installer con privilegios elevados"
}
],
"id": "CVE-2020-13162",
"lastModified": "2024-11-21T05:00:46.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-16T20:15:13.380",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-Privilege-Escalation.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Jun/25"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/15"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/?atype=sa"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/gsepcali/status/1262551597990711296"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/gsepcali/status/1272927080909623297"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/sepcali/status/1262551597990711296"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-Privilege-Escalation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Jun/25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/?atype=sa"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/gsepcali/status/1262551597990711296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/gsepcali/status/1272927080909623297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/sepcali/status/1262551597990711296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-06 23:29
Modified
2024-11-21 03:51
Severity ?
Summary
The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pulsesecure | pulse_secure_desktop_client | 5.3r1 | |
| pulsesecure | pulse_secure_desktop_client | 5.3r1.1 | |
| pulsesecure | pulse_secure_desktop_client | 5.3r2 | |
| pulsesecure | pulse_secure_desktop_client | 5.3r3 | |
| pulsesecure | pulse_secure_desktop_client | 5.3r4 | |
| pulsesecure | pulse_secure_desktop_client | 5.3r4.1 | |
| pulsesecure | pulse_secure_desktop_client | 5.3r4.2 | |
| pulsesecure | pulse_secure_desktop_client | 5.3rx | |
| pulsesecure | pulse_secure_desktop_client | 9.0r1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r1:*:*:*:*:macos:*:*",
"matchCriteriaId": "D82F2294-E7C5-4F67-A07A-4270B2F34C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r1.1:*:*:*:*:macos:*:*",
"matchCriteriaId": "75441DFF-D08C-4DAA-89C0-183A639DB317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r2:*:*:*:*:macos:*:*",
"matchCriteriaId": "F692C2C0-50E6-4DD4-A417-CF9717064E65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r3:*:*:*:*:macos:*:*",
"matchCriteriaId": "E5C771CC-EA62-48CE-B0B1-41737DDB3110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r4:*:*:*:*:macos:*:*",
"matchCriteriaId": "1A46D6DE-4881-480A-88F7-58307387E97F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r4.1:*:*:*:*:macos:*:*",
"matchCriteriaId": "94A8DBBC-D706-464C-BDE2-48ADECB9E0CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r4.2:*:*:*:*:macos:*:*",
"matchCriteriaId": "56533B57-8F44-4918-937B-0F5D9C61B785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3rx:*:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "2F917664-B379-4A37-9223-0A87A4E97068",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0r1:*:*:*:*:macos:*:*",
"matchCriteriaId": "1EAC93B4-5AD2-4FF4-AC05-9A6E9367EFA6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability."
},
{
"lang": "es",
"value": "Pulse Secure Desktop (macOS), en versiones 5.3RX anteriores a la 5.3R5 y versi\u00f3n 9.0R1, tiene una vulnerabilidad de cadena de formato."
}
],
"id": "CVE-2018-15749",
"lastModified": "2024-11-21T03:51:23.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-06T23:29:00.663",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-28 13:15
Modified
2024-11-21 05:38
Severity ?
Summary
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "87BF5FC6-3D85-4C88-AD32-23A1BB4975A8",
"versionEndExcluding": "9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r1:*:*:*:linux:*:*",
"matchCriteriaId": "524B043E-80B3-4E60-BDDB-55A29A04DA1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r2:*:*:*:linux:*:*",
"matchCriteriaId": "1E79BF74-D489-4A8D-8135-E5427D43DE2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3:*:*:*:linux:*:*",
"matchCriteriaId": "71C518EF-BFF6-41EE-A696-311E6EB3C17D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3.1:*:*:*:linux:*:*",
"matchCriteriaId": "B0840530-B0F7-4BBA-BC55-4BF2C2D59DF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4:*:*:*:linux:*:*",
"matchCriteriaId": "6F98E7F0-6D2D-4238-BABF-15841BE32605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.1:*:*:*:linux:*:*",
"matchCriteriaId": "EB616A5D-8B22-4C0D-8E09-073B4778430E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.2:*:*:*:linux:*:*",
"matchCriteriaId": "40E3E61D-0716-408A-BBF6-6336FED8F618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r5:*:*:*:linux:*:*",
"matchCriteriaId": "3F066817-5364-47F5-9211-9F4FDD958BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r6:*:*:*:linux:*:*",
"matchCriteriaId": "661A0EB6-4CCC-4744-B0E9-81A0E3E2BB37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7:*:*:*:linux:*:*",
"matchCriteriaId": "CEB6A361-FD3C-4263-92E2-B2DBCDE20674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7.1:*:*:*:linux:*:*",
"matchCriteriaId": "5C64CBA6-AAD2-4151-BE72-4F68934D94BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8:*:*:*:linux:*:*",
"matchCriteriaId": "8BAFB239-5C78-4F3D-9CDA-D67A74B2AF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8.2:*:*:*:linux:*:*",
"matchCriteriaId": "7A0DDA55-66D2-43A1-AEB2-26192150DC83",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Pulse Secure Desktop Client \u003c 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Pulse Secure Desktop Client versiones anteriores a 9.1R9, es vulnerable a un ataque de escalada de privilegios del registro del cliente.\u0026#xa0;Esta correcci\u00f3n tambi\u00e9n requiere un Server Side Upgrade debido a Standalone Host Checker Client (Windows) y Windows PDC"
}
],
"id": "CVE-2020-8239",
"lastModified": "2024-11-21T05:38:34.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-28T13:15:12.307",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-06 23:29
Modified
2024-11-21 03:51
Severity ?
Summary
The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pulsesecure | pulse_secure_desktop_client | 5.3r1 | |
| pulsesecure | pulse_secure_desktop_client | 5.3r1.1 | |
| pulsesecure | pulse_secure_desktop_client | 5.3r2 | |
| pulsesecure | pulse_secure_desktop_client | 5.3r3 | |
| pulsesecure | pulse_secure_desktop_client | 5.3r4 | |
| pulsesecure | pulse_secure_desktop_client | 5.3r4.1 | |
| pulsesecure | pulse_secure_desktop_client | 5.3r4.2 | |
| pulsesecure | pulse_secure_desktop_client | 5.3rx | |
| pulsesecure | pulse_secure_desktop_client | 9.0r1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r1:*:*:*:*:macos:*:*",
"matchCriteriaId": "D82F2294-E7C5-4F67-A07A-4270B2F34C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r1.1:*:*:*:*:macos:*:*",
"matchCriteriaId": "75441DFF-D08C-4DAA-89C0-183A639DB317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r2:*:*:*:*:macos:*:*",
"matchCriteriaId": "F692C2C0-50E6-4DD4-A417-CF9717064E65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r3:*:*:*:*:macos:*:*",
"matchCriteriaId": "E5C771CC-EA62-48CE-B0B1-41737DDB3110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r4:*:*:*:*:macos:*:*",
"matchCriteriaId": "1A46D6DE-4881-480A-88F7-58307387E97F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r4.1:*:*:*:*:macos:*:*",
"matchCriteriaId": "94A8DBBC-D706-464C-BDE2-48ADECB9E0CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r4.2:*:*:*:*:macos:*:*",
"matchCriteriaId": "56533B57-8F44-4918-937B-0F5D9C61B785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3rx:*:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "2F917664-B379-4A37-9223-0A87A4E97068",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0r1:*:*:*:*:macos:*:*",
"matchCriteriaId": "1EAC93B4-5AD2-4FF4-AC05-9A6E9367EFA6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability."
},
{
"lang": "es",
"value": "Pulse Secure Desktop (macOS), en versiones 5.3RX anteriores a la 5.3R5 y versi\u00f3n 9.0R1, tiene una vulnerabilidad de escalada de privilegios."
}
],
"id": "CVE-2018-15726",
"lastModified": "2024-11-21T03:51:20.810",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-06T23:29:00.490",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}