Threat Encyclopedia

Pulse.Connect.Secure.Custom.Template.Remote.Code.Execution

Description

This indicates an attack attempt against a Remote Code Execution vulnerability in Pulse Connect Secure.
The vulnerability is due to insufficient sanitizing of user supplied inputs when handling a crafted HTTP request. An authenticated attacker could exploit this to execute arbitrary code in the context of the vulnerable application.

Affected Products

Pulse Connect Secure (PCS) 9.1Rx or below
Pulse Policy Secure (PPS) 9.1Rx or below

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588

CVE References

CVE-2020-8243