<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1462084720533760&amp;ev=PageView&amp;noscript=1">
Vulnerability Report

CVE-2020-8254 Pulse Secure Desktop Client < 9.1R9 RCE

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides detailed analysis on recent and notable security vulnerabilities.

Vulnerability Summary

A vulnerability in the Pulse Connect Secure, Pulse Policy Secure, Pulse Secure Desktop Client Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC. Affected by this vulnerability is an unknown function of the component Dynamic Certificate Trust. The manipulation with an unknown input leads to a directory traversal vulnerability. The exploitation appears to be easy. The attack can be launched remotely. The exploitation does not need any form of authentication.

Watch the video to learn more about this and other important vulnerabilities.

CVSS Score

The CVSS Base Score is 8.8 (High)

Affected Version

Pulse Secure Desktop Client < 9.1R9.

The earliest vulnerable version was released on 05/2020. The exposure window is therefore 6 months.

Vulnerability Attribution

Anonymous.

Risk Impact

Pulse Secure Desktop client (PDC) is One universal client for Pulse Connect Secure, Pulse Policy Secure and Pulse Workspace. It provides a very user friendly experience on mobile and desktop to connect to VPN, BYOD, etc.  PDC is popular client which is used by lot of enterprises to connect to their corporate network and perform critical and confidential tasks, any exploit of this vulnerability will compromise the whole corporate data.

Virsec Security Platform (VSP) Support

  • The Virsec Security Platform (VSP)-Web’s path traversal feature will detect this exploit and will prevent this attack.

  • VSP-Host monitors processes that are spawned which are not part of a set of whitelisted process. Any attempt to execute new command or unknown binary would be denied by VSP-Host’s Process Monitoring capability.

Reference Links

Download the full vulnerability report to learn more about this and other important vulnerabilities.