CVE-2020-8218

Name of the Vulnerable Software and Affected Versions Pulse Connect Secure versions prior to 9.1R8

Description A code injection vulnerability exists in the admin web interface of Pulse Connect Secure, allowing an attacker to craft a URI and perform arbitrary code execution. The vulnerability is related to incorrect code generation management. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary code. The txtVLSAuthCode parameter in the /dana-admin/license/downloadlicenses.cgi API endpoint is vulnerable to code injection. For example, the endpoint /dana-admin/license/downloadlicenses.cgi?cmd=download&txtVLSAuthCode=whatever -n '($x="ls /",system$x); #' -e /data/runtime/tmp/tt/setcookie.thtml.ttc can be used to exploit the vulnerability.

Recommendations For Pulse Connect Secure versions prior to 9.1R8, update to version 9.1R8 or later to resolve the issue. As a temporary workaround, consider restricting access to the /dana-admin/license/downloadlicenses.cgi API endpoint to minimize the risk of exploitation. Avoid using the txtVLSAuthCode parameter in the affected API endpoint until the issue is resolved.