← Back

CVE-2020-12880

nvd nist
Published: Jul 27, 2020Modified: Nov 21, 2024

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessible because the appliance has its hard disks encrypted, and no root shell is available during normal operation.)

Affected (23)

Ivanti
2 products
Connect Secure
Policy Secure
Pulsesecure
2 products
Pulse Connect Secure
Pulse Policy Secure
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Ivanti
Connect Secure
Version 9.1
Connect Secure
Version 9.1 r1
Connect Secure
Version 9.1 r2
Connect Secure
Version 9.1 r3
Connect Secure
Version 9.1 r4.1
Connect Secure
Version 9.1 r4.2
Connect Secure
Version 9.1 r4.3
Connect Secure
Version 9.1 r4
Connect Secure
Version 9.1 r5
Connect Secure
Version 9.1 r6
Connect Secure
Version 9.1 r7
Pulse Connect Secure
Up to 9.0
Configuration B
11 vulnerable
Vulnerable SoftwareAffected Versions
Ivanti
Policy Secure
Version 9.1 r1
Policy Secure
Version 9.1 r2
Policy Secure
Version 9.1 r3.1
Policy Secure
Version 9.1 r3
Policy Secure
Version 9.1 r4.1
Policy Secure
Version 9.1 r4.2
Policy Secure
Version 9.1 r4
Policy Secure
Version 9.1 r5
Policy Secure
Version 9.1 r6
Policy Secure
Version 9.1 r7
Pulse Policy Secure
Up to 9.0

References (4)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.