CVE-2020-12880

Name of the Vulnerable Software and Affected Versions Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance versions prior to 9.1R8

Description An issue was discovered in the affected software. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase. This allows access to the entire source code of the appliance, which is otherwise inaccessible due to the appliance's hard disks being encrypted and no root shell being available during normal operation.

Recommendations For Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance versions prior to 9.1R8, update to version 9.1R8 or later to resolve the issue.