An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessible because the appliance has its hard disks encrypted, and no root shell is available during normal operation.)
References
Link | Resource |
---|---|
https://kb.pulsesecure.net/?atype=sa | Vendor Advisory |
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
27 Feb 2024, 21:04
Type | Values Removed | Values Added |
---|---|---|
First Time |
Ivanti connect Secure
|
|
CPE | cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r7:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.3:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.2:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r5:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:-:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r6:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.1:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r1:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r2:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r3:*:*:*:*:*:* |
cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:* |
13 Jan 2024, 04:43
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r7:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r4:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r4.1:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r5:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r1:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r4.2:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r6:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r2:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r3:*:*:*:*:*:* |
cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:* |
First Time |
Ivanti policy Secure
Ivanti |
Information
Published : 2020-07-27 23:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-12880
Mitre link : CVE-2020-12880
CVE.ORG link : CVE-2020-12880
JSON object : View
Products Affected
pulsesecure
- pulse_connect_secure
- pulse_policy_secure
ivanti
- connect_secure
- policy_secure
CWE