ID:5309 - Exploit for Arbitrary file upload in Ivanti Connect Secure (formerly Pulse Connect Secure) and Ivanti Policy Secure (formerly Pulse Policy Secure) - CVE-2020-8260

 

Published: April 21, 2021


Vulnerability identifier: #VU52472
Vulnerability risk: Medium
CVE-ID: CVE-2020-8260
CWE-ID: CWE-434
Exploitation vector: Remote access
Vulnerable software:
Ivanti Connect Secure (formerly Pulse Connect Secure)
Ivanti Policy Secure (formerly Pulse Policy Secure)

Link to public exploit:


Vulnerability description

The vulnerability allows a remote user to compromise a vulnerable system.

The vulnerability exists due to insufficient validation of files during upload within the administrative web interface. A remote user can upload a malicious gzip file to the system and extract its contents into an arbitrary directory.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.


Remediation

Install updates from the vendor's website.