#VU26749 OS Command Injection in Ivanti Connect Secure (formerly Pulse Connect Secure) and Ivanti Policy Secure (formerly Pulse Policy Secure) - CVE-2020-11581
Published: April 9, 2020
Ivanti Connect Secure (formerly Pulse Connect Secure)
Ivanti Policy Secure (formerly Pulse Policy Secure)
Ivanti
Description
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to insufficient validation of user-supplied input in the doCustomRemediateInstructions method when the Host Checker policy is enforced. A remote attacker with the ability to perform a MitM attack (see vulnerability #1) can inject and execute arbitrary OS commands on the client system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.