CVE-2020-8220
published 2020-07-30CVE-2020-8220: A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the…
PriorityP334medium6.5CVSS 3.1
AVNACLPRHUINSUCNIHAH
EPSS
2.46%
82.4th percentile
A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | connect_secure | — | — |
| ivanti | policy_secure | — | — |
| pulsesecure | pulse_connect_secure | <= 9.0 | — |
| pulsesecure | pulse_connect_secure | — | — |
| pulsesecure | pulse_policy_secure | <= 9.0 | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
nvdv2.05.5MEDIUMAV:N/AC:L/Au:S/C:N/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ivanti
Ivanti Security Advisory: CVE-2020-8220
vendor_ivanti·2020-07-30·CVSS 6.5
CVE-2020-8220 [MEDIUM] CWE-400 Ivanti Security Advisory: CVE-2020-8220
Ivanti Security Advisory: CVE-2020-8220
A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.
CVE IDs: CVE-2020-8220
CVSS Base Score: 6.5
Severity: MEDIUM
CWEs: CWE-400
GHSA
GHSA-83pm-xg7g-2c98: A denial of service vulnerability exists in Pulse Connect Secure <9
ghsa_unreviewed·2022-05-24
CVE-2020-8220 [MEDIUM] CWE-400 GHSA-83pm-xg7g-2c98: A denial of service vulnerability exists in Pulse Connect Secure <9
A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-07-30
Published