What is the vulnerability identifier for this issue?

The vulnerability identifier for this issue is CVE-2020-12880.

What is the severity of CVE-2020-12880?

The severity of CVE-2020-12880 is medium with a CVSS score of 5.5.

Which software versions are affected by this vulnerability?

Pulse Connect Secure versions up to and including 9.1 and Pulse Policy Secure versions up to and including 9.1 are affected by this vulnerability.

How can the vulnerability be exploited?

This vulnerability can be exploited by manipulating a certain kernel boot parameter to drop into a root shell during the pre-install phase.

Where can I find more information about this vulnerability?

More information about this vulnerability can be found on the Pulse Secure Knowledge Base at the following links: [Link 1](https://kb.pulsesecure.net/?atype=sa), [Link 2](https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516).

Vulnerability/
CVE-2020-12880

medium

5.5

27/7/2020

27/2/2024

CVE-2020-12880

First published: Mon Jul 27 2020(Updated: )

An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessible because the appliance has its hard disks encrypted, and no root shell is available during normal operation.)

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Pulsesecure Pulse Connect Secure	<=9.0
Pulsesecure Pulse Connect Secure	=9.1
Pulsesecure Pulse Connect Secure	=9.1-r1
Pulsesecure Pulse Connect Secure	=9.1-r2
Pulsesecure Pulse Connect Secure	=9.1-r3
Pulsesecure Pulse Connect Secure	=9.1-r4
Pulsesecure Pulse Connect Secure	=9.1-r4.1
Pulsesecure Pulse Connect Secure	=9.1-r4.2
Pulsesecure Pulse Connect Secure	=9.1-r4.3
Pulsesecure Pulse Connect Secure	=9.1-r5
Pulsesecure Pulse Connect Secure	=9.1-r6
Pulsesecure Pulse Connect Secure	=9.1-r7
Pulsesecure Pulse Policy Secure	<=9.0
Pulsesecure Pulse Policy Secure	=9.1-r1
Pulsesecure Pulse Policy Secure	=9.1-r2
Pulsesecure Pulse Policy Secure	=9.1-r3
Pulsesecure Pulse Policy Secure	=9.1-r3.1
Pulsesecure Pulse Policy Secure	=9.1-r4
Pulsesecure Pulse Policy Secure	=9.1-r4.1
Pulsesecure Pulse Policy Secure	=9.1-r4.2
Pulsesecure Pulse Policy Secure	=9.1-r5
Pulsesecure Pulse Policy Secure	=9.1-r6
Pulsesecure Pulse Policy Secure	=9.1-r7
Ivanti Connect Secure	=9.1
Ivanti Connect Secure	=9.1-r1
Ivanti Connect Secure	=9.1-r2
Ivanti Connect Secure	=9.1-r3
Ivanti Connect Secure	=9.1-r4
Ivanti Connect Secure	=9.1-r4.1
Ivanti Connect Secure	=9.1-r4.2
Ivanti Connect Secure	=9.1-r4.3
Ivanti Connect Secure	=9.1-r5
Ivanti Connect Secure	=9.1-r6
Ivanti Connect Secure	=9.1-r7
Ivanti Policy Secure	=9.1-r1
Ivanti Policy Secure	=9.1-r2
Ivanti Policy Secure	=9.1-r3
Ivanti Policy Secure	=9.1-r3.1
Ivanti Policy Secure	=9.1-r4
Ivanti Policy Secure	=9.1-r4.1
Ivanti Policy Secure	=9.1-r4.2
Ivanti Policy Secure	=9.1-r5
Ivanti Policy Secure	=9.1-r6
Ivanti Policy Secure	=9.1-r7

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability identifier for this issue?
The vulnerability identifier for this issue is CVE-2020-12880.
What is the severity of CVE-2020-12880?
The severity of CVE-2020-12880 is medium with a CVSS score of 5.5.
Which software versions are affected by this vulnerability?
Pulse Connect Secure versions up to and including 9.1 and Pulse Policy Secure versions up to and including 9.1 are affected by this vulnerability.
How can the vulnerability be exploited?
This vulnerability can be exploited by manipulating a certain kernel boot parameter to drop into a root shell during the pre-install phase.
Where can I find more information about this vulnerability?
More information about this vulnerability can be found on the Pulse Secure Knowledge Base at the following links: [Link 1](https://kb.pulsesecure.net/?atype=sa), [Link 2](https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516).

collector/nvd-index
agent/type
agent/references
agent/first-publish-date
agent/last-modified-date
agent/severity
agent/author
agent/softwarecombine
agent/tags
agent/event
agent/description
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/pulsesecure
canonical/pulsesecure pulse connect secure
version/pulsesecure pulse connect secure/9.0
version/pulsesecure pulse connect secure/9.1
version/pulsesecure pulse connect secure/9.1-r1
version/pulsesecure pulse connect secure/9.1-r2
version/pulsesecure pulse connect secure/9.1-r3
version/pulsesecure pulse connect secure/9.1-r4
version/pulsesecure pulse connect secure/9.1-r4.1
version/pulsesecure pulse connect secure/9.1-r4.2
version/pulsesecure pulse connect secure/9.1-r4.3
version/pulsesecure pulse connect secure/9.1-r5
version/pulsesecure pulse connect secure/9.1-r6
version/pulsesecure pulse connect secure/9.1-r7
canonical/pulsesecure pulse policy secure
version/pulsesecure pulse policy secure/9.0
version/pulsesecure pulse policy secure/9.1-r1
version/pulsesecure pulse policy secure/9.1-r2
version/pulsesecure pulse policy secure/9.1-r3
version/pulsesecure pulse policy secure/9.1-r3.1
version/pulsesecure pulse policy secure/9.1-r4
version/pulsesecure pulse policy secure/9.1-r4.1
version/pulsesecure pulse policy secure/9.1-r4.2
version/pulsesecure pulse policy secure/9.1-r5
version/pulsesecure pulse policy secure/9.1-r6
version/pulsesecure pulse policy secure/9.1-r7
vendor/ivanti
canonical/ivanti connect secure
version/ivanti connect secure/9.1
version/ivanti connect secure/9.1-r1
version/ivanti connect secure/9.1-r2
version/ivanti connect secure/9.1-r3
version/ivanti connect secure/9.1-r4
version/ivanti connect secure/9.1-r4.1
version/ivanti connect secure/9.1-r4.2
version/ivanti connect secure/9.1-r4.3
version/ivanti connect secure/9.1-r5
version/ivanti connect secure/9.1-r6
version/ivanti connect secure/9.1-r7
canonical/ivanti policy secure
version/ivanti policy secure/9.1-r1
version/ivanti policy secure/9.1-r2
version/ivanti policy secure/9.1-r3
version/ivanti policy secure/9.1-r3.1
version/ivanti policy secure/9.1-r4
version/ivanti policy secure/9.1-r4.1
version/ivanti policy secure/9.1-r4.2
version/ivanti policy secure/9.1-r5
version/ivanti policy secure/9.1-r6
version/ivanti policy secure/9.1-r7