Technical Advisory – Pulse Connect Secure – RCE via Template Injection (CVE-2020-8243)

Vendor: Pulse Secure Vendor URL: https://www.pulsesecure.net/ Versions affected: Pulse Connect Secure (PCS) 9.1Rx or below, Pulse Policy Secure (PPS) 9.1Rx or below Systems Affected: Pulse Connect Secure (PCS) Appliances Authors: Richard Warren - richard.warren[at]nccgroup[dot]com, David Cash – david.cash[at]nccgroup[dot]com CVE Identifier: CVE-2020-8243 Advisory URL: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588 Risk: 7.2 High CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Summary Pulse Connect Secure (PCS) appliances before … Continue reading Technical Advisory – Pulse Connect Secure – RCE via Template Injection (CVE-2020-8243)