OS Command Injection in Ivanti Connect Secure (formerly Pulse Connect Secure) and Ivanti Policy Secure (formerly Pulse Policy Secure) - CVE-2020-11581
Published: April 9, 2020
Vulnerability identifier: #VU26749
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2020-11581
CWE-ID: CWE-78
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Ivanti
Affected software:
Ivanti Connect Secure (formerly Pulse Connect Secure)
Ivanti Policy Secure (formerly Pulse Policy Secure)
Ivanti Connect Secure (formerly Pulse Connect Secure)
Ivanti Policy Secure (formerly Pulse Policy Secure)
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to insufficient validation of user-supplied input in doCustomRemediateInstructions methodm when the Host Checker policy is enforced. A remote attacker with ability to perform MitM attack (see vulnerability #1) can inject and execute arbitrary OS commands on the client system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2020-11581
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.