Usage of vulnerable Apache Guacamole in Pulse Connect Secure
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2020-9498 CVE-2020-9497 |
| CWE-ID | CWE-824 CWE-20 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. |
| Vulnerable software Subscribe |
Pulse Connect Secure Server applications / Remote access servers, VPN |
| Vendor | Pulse Secure |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Access of Uninitialized Pointer
EUVDB-ID: #VU29482
Risk: High
CVSSv3.1:
CVE-ID: CVE-2020-9498
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to the affected software mishandles pointers involved in processing data received via RDP static virtual channels. A remote attacker can use a specially crafted PDUs and execute arbitrary code on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address these vulnerabilities.
Pulse Connect Secure: 8.0 - 9.1R7
Fixed software versionsCPE2.3 External links
http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44525/p?pubstatus=o
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
2) Input validation error
EUVDB-ID: #VU29481
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-9497
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information on the system.
The vulnerability exists due to insufficient validation of user-supplied input of RDP static virtual channels. A remote attacker can use a specially crafted PDUs to disclose sensitive information within the memory of the guacd process handling the connection.
MitigationCybersecurity Help is currently unaware of any official solution to address these vulnerabilities.
Pulse Connect Secure: 8.0 - 9.1R7
Fixed software versionsCPE2.3 External links
http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44525/p?pubstatus=o
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
