CVE-2020-8243
published 2020-09-30CVE-2020-8243: A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an…
PriorityP187high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
KEVITWRansomware
CISA Known Exploited Vulnerabilitydue 2022-05-03
Exploited in the wild
EPSS
90.76%
99.8th percentile
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | connect_secure | <= 9.0 | — |
| ivanti | connect_secure | — | — |
| ivanti | policy_secure | <= 9.0 | — |
| ivanti | policy_secure | — | — |
Detection & IOCsextracted from sources · hover to see the quote
snort↗
51288, 51289, 51390, 57452-57459, 57461-57468
- →CVE-2020-8243 is exploited via the Pulse Connect Secure admin web interface by uploading a malicious custom template; monitor admin interface file upload activity for unexpected template uploads. ↗
- →Enable SSL/TLS decryption in Cisco Secure Firewall and Snort to detect exploitation attempts, as these vulnerabilities exploit applications leveraging SSL. ↗
- →CVE-2020-8243 has been observed exploited in the wild alongside CVE-2019-11510 and CVE-2020-8260 in campaigns targeting government agencies, critical infrastructure, and private sector organizations dating back to at least June 2020. ↗
- ·Snort rules listed cover the broader Pulse Connect Secure vulnerability cluster (CVE-2019-11510, CVE-2020-8243, CVE-2020-8260, CVE-2021-22893) and are not exclusively scoped to CVE-2020-8243; rule-to-CVE mapping should be verified via Firepower Management Center or Snort.org. ↗
- ·Exploitation of CVE-2020-8243 requires prior authentication to the admin web interface; detections should be scoped to authenticated admin sessions to reduce false positives. ↗
CVSS provenance
nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
vulncheck7.2HIGH
cisa7.2HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ivanti
Ivanti Pulse Connect Secure Code Execution Vulnerability
vendor_ivanti·2021-11-03·CVSS 7.2
CVE-2020-8243 [HIGH] Ivanti Pulse Connect Secure Code Execution Vulnerability
Ivanti Pulse Connect Secure Code Execution Vulnerability
Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution.
CVE IDs: CVE-2020-8243
This vulnerability is listed in the CISA Known Exploited Vulnerabilities catalog.
Required Action: Apply updates per vendor instructions.
Remediation Due Date: 2022-05-03
CISA
Ivanti Pulse Connect Secure Code Execution Vulnerability
cisa·2021-11-03·CVSS 7.2
CVE-2020-8243 [HIGH] CWE-94 Ivanti Pulse Connect Secure Code Execution Vulnerability
Vulnerability: Ivanti Pulse Connect Secure Code Execution Vulnerability
Affected: Ivanti Pulse Connect Secure
Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution.
Required Action: Apply updates per vendor instructions.
Notes: Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2020-8243
Remediation Due Date: 2022-05-03
GHSA
GHSA-87wj-wph2-98g5: A vulnerability in the Pulse Connect Secure < 9
ghsa_unreviewed·2022-05-24
CVE-2020-8243 [HIGH] CWE-94 GHSA-87wj-wph2-98g5: A vulnerability in the Pulse Connect Secure < 9
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution.
VulnCheck
Ivanti Pulse Connect Secure Code Execution Vulnerability
vulncheck·2020·CVSS 7.2
CVE-2020-8243 [HIGH] CWE-94 Ivanti Pulse Connect Secure Code Execution Vulnerability
Ivanti Pulse Connect Secure Code Execution Vulnerability
Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution.
Affected: Ivanti Connect Secure and Policy Secure
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://us-cert.cisa.gov/ncas/alerts/aa21-110a; https://cyware.com/news/chinese-cyberspies-unc2630-targeting-us-and-eu-organizations-d94ac724/?web_view=true; https://cisa.gov/news-events/cybersecurity-advisories/aa21-110a; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://ransomware.org/blog/initial-access-vectors-for-ransomware/; htt
No detection rules found.
No public exploits indexed.
Tenable
CVE-2025-0282: Ivanti Connect Secure Zero-Day Vulnerability Exploited In The Wild
blogs_tenable·2025-01-08·CVSS 9.0
[CRITICAL] CVE-2025-0282: Ivanti Connect Secure Zero-Day Vulnerability Exploited In The Wild
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Tenable
CVE-2023-46805, CVE-2024-21887: Zero-Day Vulnerabilities Exploited in Ivanti Connect Secure and Policy Secure Gateways
blogs_tenable·2024-01-10·CVSS 8.2
[HIGH] CVE-2023-46805, CVE-2024-21887: Zero-Day Vulnerabilities Exploited in Ivanti Connect Secure and Policy Secure Gateways
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
#### Table of Contents
- Situation
- Directive Scope
- CISA Catalog of Known Exploited Vulnerabilities
- Detect CISA Vulnerabilities Using Qualys VMDR
- CISA Exploited RTI
- Detailed Operational Dashboard
- Remediation
- Federal Enterprises and Agencies Can Act Now
- Summary
- Getting Started
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Qualys
Qualys Response to CISA Alert: Binding Operational Directive 22-01
blogs_qualys·2021-11-09
Qualys Response to CISA Alert: Binding Operational Directive 22-01
## Table of Contents
Overview
Directive Scope
CISA Catalog of Known Exploited Vulnerabilities
Detect CISAs Vulnerabilities Using Qualys VMDR
Remediation
Federal Enterprises and Agencies Can Act Now
Summary
Getting Started
Start your VMDR 30-day, no-cost trial today
## Overview
On November 3, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directive 22-01 , “Reducing the Significant Risk of Known Exploited Vulnerabilities.” This directive recommends urgent and prioritized remediation of the vulnerabilities that adversaries are actively exploiting. It establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to the federal government and establishes requirements for agencies to remediate
Qualys
Qualys Response to CISA Alert: Binding Operational Directive 22-01 | Qualys
blogs_qualys·2021-11-09
Qualys Response to CISA Alert: Binding Operational Directive 22-01 | Qualys
#### Table of Contents
- Overview
- Directive Scope
- CISA Catalog of Known Exploited Vulnerabilities
- Detect CISAs Vulnerabilities Using Qualys VMDR
- Remediation
- Federal Enterprises and Agencies Can Act Now
- Summary
- Getting Started
Start your VMDR 30-day, no-cost trial today
## Overview
On November 3, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directive 22-01, “Reducing the Significant Risk of Known Exploited Vulnerabilities.” This directive recommends urgent and prioritized remediation of the vulnerabilities that adversaries are actively exploiting. It establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to the federal government and establishes requirements for agencies to
Tenable
Hold the Door: Why Organizations Need to Prioritize Patching SSL VPNs
blogs_tenable·2021-08-25
Hold the Door: Why Organizations Need to Prioritize Patching SSL VPNs
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Checkpoint
26th July – Threat Intelligence Report
blogs_checkpoint·2021-07-26·CVSS 10.0
CVE-2019-11510 [CRITICAL] 26th July – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 26th July – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 26th July, please download our Threat Intelligence Bulletin .
Top Attacks and Breaches
US officials have reported that Chinese state-sponsored threat actors successfully breached 13 US oil and natural gas pipeline companies between 2011 and 2013. The hackers gained initial access using a spear-phishing campaign, and their main goal was to gain strategic access and disrupt US pipeline operations.
The French Natio
Zscaler
Reduce Business Risk by Eliminating the VPN Attack Surface
blogs_zscaler·2021-05-27
Reduce Business Risk by Eliminating the VPN Attack Surface
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
Talos
Threat Advisory: Pulse Secure Connect Coverage
blogs_talos·2021-04-22·CVSS 10.0
CVE-2021-22893 [CRITICAL] Threat Advisory: Pulse Secure Connect Coverage
## Threat Advisory: Pulse Secure Connect Coverage
Pulse Secure announced that a critical vulnerability (CVE-2021-22893) was discovered in their VPN service "Pulse Secure Connect" in a recent security advisory .
The advisory states that, "a vulnerability was discovered under Pulse Connect Secure (PCS). This includes an authentication by-pass vulnerability that can allow an unauthenticated user to perform remote arbitrary file execution on the Pulse Connect Secure gateway. This vulnerability has a critical CVSS score and poses a significant risk to your deployment."
The company released a blog post alongside this advisory disclosing that the vulnerability has been exploited in the wild. According to the blog post, several other previously known vulnerabilities were exploited during these
Talos
Threat Advisory: Pulse Secure Connect Coverage
blogs_talos·2021-04-22·CVSS 10.0
CVE-2021-22893 [CRITICAL] Threat Advisory: Pulse Secure Connect Coverage
Pulse Secure announced that a critical vulnerability (CVE-2021-22893) was discovered in their VPN service "Pulse Secure Connect" in a recent security advisory.
The advisory states that, "a vulnerability was discovered under Pulse Connect Secure (PCS). This includes an authentication by-pass vulnerability that can allow an unauthenticated user to perform remote arbitrary file execution on the Pulse Connect Secure gateway. This vulnerability has a critical CVSS score and poses a significant risk to your deployment."
The company released a blog post alongside this advisory disclosing that the vulnerability has been exploited in the wild. According to the blog post, several other previously known vulnerabilities were exploited during these incidents:
- CVE-2019-11510
- CVE-2020-8243
- CVE-2
Tenable
CVE-2021-22893: Zero-Day Vulnerability in Pulse Connect Secure Exploited in the Wild
blogs_tenable·2021-04-20·CVSS 10.0
[CRITICAL] CVE-2021-22893: Zero-Day Vulnerability in Pulse Connect Secure Exploited in the Wild
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
2020-09-30
Published
2021-11-03
Added to CISA KEV
Exploited in the wild