⚠ Actively exploited
Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions..

CVE-2020-8260Unrestricted File Upload in Ivanti Connect Secure

CWE-434Unrestricted File Upload10 documents7 sources
Severity
7.2HIGHNVD
EPSS
75.9%
top 1.09%
CISA KEV
KEV
Added 2021-11-03
Due 2022-05-03
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Ivanti Connect SecurePulse Connect Secure Pulse Policy Secure
Timeline
PublishedOct 28
KEV addedNov 3
KEV dueMay 3
Latest updateMay 24
CISA Required Action: Apply updates per vendor instructions.

Description

A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

3
GHSA
GHSA-mc4h-hp66-ccmh: A vulnerability in the Pulse Connect Secure < 92022-05-24
CVEList
CVE-2020-8260: A vulnerability in the Pulse Connect Secure < 92020-10-28
VulnCheck
Ivanti Pulse Connect Secure Code Execution Vulnerability2020

🔍Detection Rules

4
Suricata
ET EXPLOIT Possible Pulse Secure VPN RCE Chain Stage 3 Inbound - Execute Mal Config Trigger (CVE-2020-8260)2021-08-20
Suricata
ET EXPLOIT Possible Pulse Secure VPN RCE Chain Stage 2 Inbound - Upload Malicious Config (CVE-2020-8260)2021-08-20
Suricata
ET EXPLOIT Possible Pulse Secure VPN RCE Chain Stage 1 Inbound - Request Config Backup (CVE-2020-8260)2021-08-20
Suricata
ET EXPLOIT Pulse Secure VPN RCE Chain Stage 3 Inbound - Execute Mal Config Trigger, PoC Based (CVE-2020-8260)2021-08-20

📋Vendor Advisories

2
Ivanti
Ivanti Pulse Connect Secure Code Execution Vulnerability2021-11-03
CISA
Ivanti Pulse Connect Secure Code Execution Vulnerability2021-11-03
CVE-2020-8260 — Unrestricted File Upload in Ivanti | cvebase