CVE-2020-8260
Ivanti Pulse Connect Secure Code Execution Vulnerability
CVSS
—
Sin CVSS
EPSS
96.5%
p100
KEV
SÍ
3 nov 2021
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Ivanti / Pulse Connect Secure
Vulnerabilidad
Ivanti Pulse Connect Secure Code Execution Vulnerability
Añadido a KEV
3 nov 2021
Remediar antes de
3 may 2022
Uso conocido en ransomware
No
Descripción resumida
Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction.
Acción requerida
Apply updates per vendor instructions.
Notas
Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2020-8260