CVE-2020-8260

Name of the Vulnerable Software and Affected Versions Pulse Connect Secure versions prior to 9.1R9

Description A vulnerability in the Pulse Connect Secure admin web interface could allow an authenticated attacker to perform arbitrary code execution using uncontrolled gzip extraction. This issue is related to the uncontrolled loading of files with a gzip extension, which can be exploited by a remote attacker to execute arbitrary code.

Recommendations For versions prior to 9.1R9, update to version 9.1R9 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin web interface to minimize the risk of exploitation. Avoid using the uncontrolled gzip extraction feature in the affected admin web interface until the issue is resolved.