CVE-2020-11581

Name of the Vulnerable Software and Affected Versions Pulse Secure Pulse Connect Secure (PCS) versions prior to 2020-04-06

Description The issue allows a man-in-the-middle attacker to perform OS command injection attacks against a client via shell metacharacters to the doCustomRemediateInstructions method. This is because Runtime.getRuntime().exec() is used. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, is vulnerable to this attack.

Recommendations For Pulse Secure Pulse Connect Secure (PCS) versions prior to 2020-04-06, as a temporary workaround, consider disabling the doCustomRemediateInstructions method until a patch is available. Restrict access to the tncc.jar applet to minimize the risk of exploitation. Avoid using shell metacharacters in the affected method to prevent OS command injection attacks.