CVE-2020-8221

moderate-risk

Published 2020-07-30

A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface.

Do I need to act?

~

2.9% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

4

CVSS 4.9/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Connect Secure

Connect Secure

Connect Secure

Connect Secure

Connect Secure

Connect Secure

Connect Secure

Connect Secure

Connect Secure

Connect Secure

Connect Secure

Pulse Connect Secure

Policy Secure

Policy Secure

Policy Secure

Policy Secure

Policy Secure

Policy Secure

Policy Secure

Policy Secure

Affected Vendors

Pulsesecure Ivanti

References (2)

Vendor Advisory https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516

Vendor Advisory https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516

47

/ 100

moderate-risk

Severity 20/34 · Moderate

Exploitability 6/34 · Minimal

Exposure 21/34 · High