gsd-2020-8220
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
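A denial-of-service vulnerability exists in Pulse Connect Secure versions before 9.1R8: an authenticated attacker can perform command injection through the administrator web interface, which can cause a denial of service (DoS). The NVD data in this record scores it CVSS v3.1 6.5 (MEDIUM, PR:H — high privileges are required) and lists Pulse Policy Secure (9.1 through 9.1R7, and releases up to and including 9.0) as affected alongside Connect Secure. The record classifies the weakness as CWE-400 even though the description names command injection, so a search by injection-related CWE will not surface it; the vendor advisory SA44516 is the listed reference.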



{
   GSD: {
      alias: "CVE-2020-8220",
      description: "A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.",
      id: "GSD-2020-8220",
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2020-8220",
         ],
         details: "A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.",
         id: "GSD-2020-8220",
         modified: "2023-12-13T01:21:53.334987Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "support@hackerone.com",
            ID: "CVE-2020-8220",
            STATE: "PUBLIC",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "Pulse Connect Secure",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "Fixed in 9.1R8",
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "n/a",
                  },
               ],
            },
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.",
               },
            ],
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        lang: "eng",
                        value: "Denial of Service (CWE-400)",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
                  refsource: "MISC",
                  url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
               },
            ],
         },
      },
      "nvd.nist.gov": {
         cve: {
            configurations: [
               {
                  nodes: [
                     {
                        cpeMatch: [
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*",
                              matchCriteriaId: "4F450898-0B06-4073-9B76-BF22F68BD14F",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
                              matchCriteriaId: "4B21C181-DC49-4EBD-9932-DBB337151FF7",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
                              matchCriteriaId: "4FEFC4B1-7350-46F9-80C1-42F5AE06142F",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
                              matchCriteriaId: "DB7A6D62-6576-4713-9BF4-11068A72E8B7",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
                              matchCriteriaId: "843BC1B9-50CC-4F8F-A454-A0CEC6E92290",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
                              matchCriteriaId: "D5355372-03EA-46D7-9104-A2785C29B664",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
                              matchCriteriaId: "3DE32A0C-8944-4F51-A286-266055CA4B2F",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
                              matchCriteriaId: "0349A0CC-A372-4E51-899E-D7BA67876F4B",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
                              matchCriteriaId: "93D1A098-BD77-4A7B-9070-A764FB435981",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
                              matchCriteriaId: "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
                              matchCriteriaId: "AD812596-C77C-4129-982F-C22A25B52126",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*",
                              matchCriteriaId: "18272F7E-A9BA-4175-B6F6-F7E550D736CE",
                              versionEndIncluding: "9.0",
                              vulnerable: true,
                           },
                        ],
                        negate: false,
                        operator: "OR",
                     },
                  ],
               },
               {
                  nodes: [
                     {
                        cpeMatch: [
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*",
                              matchCriteriaId: "6418A649-3A63-40CC-BD7C-309B3B0B2595",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
                              matchCriteriaId: "A07B66E0-A679-4912-8CB1-CD134713EDC7",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
                              matchCriteriaId: "6D37A6E4-D58E-444D-AF6A-15461F38E81A",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
                              matchCriteriaId: "FC2B9DA0-E32B-4125-9986-F0D3814C66E9",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*",
                              matchCriteriaId: "38A0D7CF-7D55-4933-AE8C-36006D6779E1",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
                              matchCriteriaId: "C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*",
                              matchCriteriaId: "BAFDA618-D15D-401D-AC68-0020259FEC57",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*",
                              matchCriteriaId: "D55AB5F0-132F-4C40-BF4F-684E139B774B",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
                              matchCriteriaId: "6BE937D2-8BEE-4E64-8738-F550EAD00F50",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
                              matchCriteriaId: "9C753520-1BC6-4980-AFC9-4C2FDDF2FD18",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
                              matchCriteriaId: "AC3863BC-3B9A-402B-A74A-149CDF717EC6",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*",
                              matchCriteriaId: "B031D2AE-70BE-48BB-A9E9-0A0DAAAFF55F",
                              versionEndIncluding: "9.0",
                              vulnerable: true,
                           },
                        ],
                        negate: false,
                        operator: "OR",
                     },
                  ],
               },
            ],
            descriptions: [
               {
                  lang: "en",
                  value: "A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.",
               },
               {
                  lang: "es",
                  value: "Se presenta una vulnerabilidad denegación de servicio en Pulse Connect Secure versiones anteriores a 9.1R8, que permite a un atacante autenticado llevar a cabo una inyección de comandos por medio de la web del administrador que puede causar una DOS",
               },
            ],
            id: "CVE-2020-8220",
            lastModified: "2024-02-27T21:04:17.560",
            metrics: {
               cvssMetricV2: [
                  {
                     acInsufInfo: false,
                     baseSeverity: "MEDIUM",
                     cvssData: {
                        accessComplexity: "LOW",
                        accessVector: "NETWORK",
                        authentication: "SINGLE",
                        availabilityImpact: "PARTIAL",
                        baseScore: 5.5,
                        confidentialityImpact: "NONE",
                        integrityImpact: "PARTIAL",
                        vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:P",
                        version: "2.0",
                     },
                     exploitabilityScore: 8,
                     impactScore: 4.9,
                     obtainAllPrivilege: false,
                     obtainOtherPrivilege: false,
                     obtainUserPrivilege: false,
                     source: "nvd@nist.gov",
                     type: "Primary",
                     userInteractionRequired: false,
                  },
               ],
               cvssMetricV31: [
                  {
                     cvssData: {
                        attackComplexity: "LOW",
                        attackVector: "NETWORK",
                        availabilityImpact: "HIGH",
                        baseScore: 6.5,
                        baseSeverity: "MEDIUM",
                        confidentialityImpact: "NONE",
                        integrityImpact: "HIGH",
                        privilegesRequired: "HIGH",
                        scope: "UNCHANGED",
                        userInteraction: "NONE",
                        vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
                        version: "3.1",
                     },
                     exploitabilityScore: 1.2,
                     impactScore: 5.2,
                     source: "nvd@nist.gov",
                     type: "Primary",
                  },
               ],
            },
            published: "2020-07-30T13:15:11.987",
            references: [
               {
                  source: "support@hackerone.com",
                  tags: [
                     "Vendor Advisory",
                  ],
                  url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
               },
            ],
            sourceIdentifier: "support@hackerone.com",
            vulnStatus: "Analyzed",
            weaknesses: [
               {
                  description: [
                     {
                        lang: "en",
                        value: "CWE-400",
                     },
                  ],
                  source: "nvd@nist.gov",
                  type: "Primary",
               },
               {
                  description: [
                     {
                        lang: "en",
                        value: "CWE-400",
                     },
                  ],
                  source: "support@hackerone.com",
                  type: "Secondary",
               },
            ],
         },
      },
   },
}



Sightings


Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.