CVE-2020-8243

Name of the Vulnerable Software and Affected Versions Pulse Connect Secure versions prior to 9.1R8.2

Description The issue is related to the Pulse Connect Secure admin web interface, where an authenticated attacker could potentially upload a custom template to execute arbitrary code. This is due to incorrect code generation management in the web interface. An attacker, acting remotely, could exploit this to execute arbitrary code.

Recommendations For versions prior to 9.1R8.2, update to version 9.1R8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin web interface to minimize the risk of exploitation. Avoid using the template upload feature in the affected admin web interface until the issue is resolved.