CVE-2020-8220Uncontrolled Resource Consumption in Pulse Connect Secure

CWE-400Uncontrolled Resource Consumption3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
6.7%
top 8.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Pulsesecure Pulse Connect SecurePulsesecure Pulse Policy SecureIvanti Connect Secure+1 more
Timeline
PublishedJul 30
Latest updateMay 24

Description

A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 1.2 | Impact: 5.2

Affected Packages5 packages

CVEListV5pulsesecure/pulse_connect_secureFixed in 9.1R8

🔴Vulnerability Details

2
GHSA
GHSA-83pm-xg7g-2c98: A denial of service vulnerability exists in Pulse Connect Secure <92022-05-24
CVEList
CVE-2020-8220: A denial of service vulnerability exists in Pulse Connect Secure <92020-07-30
CVE-2020-8220 — Uncontrolled Resource Consumption | cvebase