CVE-2020-11581

moderate-risk

Published 2020-04-06

An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, allows a man-in-the-middle attacker to perform OS command injection attacks (against a client) via shell metacharacters to the doCustomRemediateInstructions method, because Runtime.getRuntime().exec() is used.

Do I need to act?

39.3% chance of exploitation in next 30 days

EPSS score — higher than 61% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.1/10 High

NETWORK / HIGH complexity

Affected Products (2)

Pulse Connect Secure

Pulse Policy Secure

Affected Vendors

Pulsesecure

References (4)

Exploit https://git.lsd.cat/g/pulse-host-checker-rce

Vendor Advisory https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44426

Exploit https://git.lsd.cat/g/pulse-host-checker-rce

Vendor Advisory https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44426

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 17/34 · Moderate

Exposure 7/34 · Low