How severe is CVE-2020-8220?

CVE-2020-8220 has a severity value of 6.5, which is considered medium.

Which software versions are affected by CVE-2020-8220?

Pulse Connect Secure versions up to 9.1R8 and Pulse Policy Secure versions up to 9.1R7 are affected by CVE-2020-8220.

How can an attacker exploit CVE-2020-8220?

An authenticated attacker can exploit CVE-2020-8220 by performing command injection via the administrator web.

Where can I find more information about CVE-2020-8220?

You can find more information about CVE-2020-8220 in the following link: [Pulse Security Advisories - SA44516](https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516)

Vulnerability/
CVE-2020-8220

medium

6.5

CWE

400 77

30/7/2020

27/2/2024

CVE-2020-8220: Command Injection

Q: What is CVE-2020-8220?

CVE-2020-8220 is a denial of service vulnerability in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.

First published: Thu Jul 30 2020(Updated: )

A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.

Credit: support@hackerone.com support@hackerone.com

Affected Software	Affected Version	How to fix
Pulsesecure Pulse Connect Secure	<=9.0
Pulsesecure Pulse Connect Secure	=9.1
Pulsesecure Pulse Connect Secure	=9.1-r1
Pulsesecure Pulse Connect Secure	=9.1-r2
Pulsesecure Pulse Connect Secure	=9.1-r3
Pulsesecure Pulse Connect Secure	=9.1-r4
Pulsesecure Pulse Connect Secure	=9.1-r4.1
Pulsesecure Pulse Connect Secure	=9.1-r4.2
Pulsesecure Pulse Connect Secure	=9.1-r4.3
Pulsesecure Pulse Connect Secure	=9.1-r5
Pulsesecure Pulse Connect Secure	=9.1-r6
Pulsesecure Pulse Connect Secure	=9.1-r7
Pulsesecure Pulse Policy Secure	<=9.0
Pulsesecure Pulse Policy Secure	=9.1
Pulsesecure Pulse Policy Secure	=9.1-r1
Pulsesecure Pulse Policy Secure	=9.1-r2
Pulsesecure Pulse Policy Secure	=9.1-r3
Pulsesecure Pulse Policy Secure	=9.1-r3.1
Pulsesecure Pulse Policy Secure	=9.1-r4
Pulsesecure Pulse Policy Secure	=9.1-r4.1
Pulsesecure Pulse Policy Secure	=9.1-r4.2
Pulsesecure Pulse Policy Secure	=9.1-r5
Pulsesecure Pulse Policy Secure	=9.1-r6
Pulsesecure Pulse Policy Secure	=9.1-r7
Ivanti Connect Secure	=9.1
Ivanti Connect Secure	=9.1-r1
Ivanti Connect Secure	=9.1-r2
Ivanti Connect Secure	=9.1-r3
Ivanti Connect Secure	=9.1-r4
Ivanti Connect Secure	=9.1-r4.1
Ivanti Connect Secure	=9.1-r4.2
Ivanti Connect Secure	=9.1-r4.3
Ivanti Connect Secure	=9.1-r5
Ivanti Connect Secure	=9.1-r6
Ivanti Connect Secure	=9.1-r7
Ivanti Policy Secure	=9.1
Ivanti Policy Secure	=9.1-r1
Ivanti Policy Secure	=9.1-r2
Ivanti Policy Secure	=9.1-r3
Ivanti Policy Secure	=9.1-r3.1
Ivanti Policy Secure	=9.1-r4
Ivanti Policy Secure	=9.1-r4.1
Ivanti Policy Secure	=9.1-r4.2
Ivanti Policy Secure	=9.1-r5
Ivanti Policy Secure	=9.1-r6
Ivanti Policy Secure	=9.1-r7

Never miss a vulnerability like this again

Reference Links

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516

Frequently Asked Questions

What is CVE-2020-8220?
CVE-2020-8220 is a denial of service vulnerability in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.
How severe is CVE-2020-8220?
CVE-2020-8220 has a severity value of 6.5, which is considered medium.
Which software versions are affected by CVE-2020-8220?
Pulse Connect Secure versions up to 9.1R8 and Pulse Policy Secure versions up to 9.1R7 are affected by CVE-2020-8220.
How can an attacker exploit CVE-2020-8220?
An authenticated attacker can exploit CVE-2020-8220 by performing command injection via the administrator web.
Where can I find more information about CVE-2020-8220?
You can find more information about CVE-2020-8220 in the following link: [Pulse Security Advisories - SA44516](https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516)

collector/nvd-index
agent/type
agent/first-publish-date
agent/severity
agent/references
agent/weakness
agent/author
agent/event
agent/last-modified-date
agent/description
agent/tags
agent/softwarecombine
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/pulsesecure
canonical/pulsesecure pulse connect secure
version/pulsesecure pulse connect secure/9.0
version/pulsesecure pulse connect secure/9.1
version/pulsesecure pulse connect secure/9.1-r1
version/pulsesecure pulse connect secure/9.1-r2
version/pulsesecure pulse connect secure/9.1-r3
version/pulsesecure pulse connect secure/9.1-r4
version/pulsesecure pulse connect secure/9.1-r4.1
version/pulsesecure pulse connect secure/9.1-r4.2
version/pulsesecure pulse connect secure/9.1-r4.3
version/pulsesecure pulse connect secure/9.1-r5
version/pulsesecure pulse connect secure/9.1-r6
version/pulsesecure pulse connect secure/9.1-r7
canonical/pulsesecure pulse policy secure
version/pulsesecure pulse policy secure/9.0
version/pulsesecure pulse policy secure/9.1
version/pulsesecure pulse policy secure/9.1-r1
version/pulsesecure pulse policy secure/9.1-r2
version/pulsesecure pulse policy secure/9.1-r3
version/pulsesecure pulse policy secure/9.1-r3.1
version/pulsesecure pulse policy secure/9.1-r4
version/pulsesecure pulse policy secure/9.1-r4.1
version/pulsesecure pulse policy secure/9.1-r4.2
version/pulsesecure pulse policy secure/9.1-r5
version/pulsesecure pulse policy secure/9.1-r6
version/pulsesecure pulse policy secure/9.1-r7
vendor/ivanti
canonical/ivanti connect secure
version/ivanti connect secure/9.1
version/ivanti connect secure/9.1-r1
version/ivanti connect secure/9.1-r2
version/ivanti connect secure/9.1-r3
version/ivanti connect secure/9.1-r4
version/ivanti connect secure/9.1-r4.1
version/ivanti connect secure/9.1-r4.2
version/ivanti connect secure/9.1-r4.3
version/ivanti connect secure/9.1-r5
version/ivanti connect secure/9.1-r6
version/ivanti connect secure/9.1-r7
canonical/ivanti policy secure
version/ivanti policy secure/9.1
version/ivanti policy secure/9.1-r1
version/ivanti policy secure/9.1-r2
version/ivanti policy secure/9.1-r3
version/ivanti policy secure/9.1-r3.1
version/ivanti policy secure/9.1-r4
version/ivanti policy secure/9.1-r4.1
version/ivanti policy secure/9.1-r4.2
version/ivanti policy secure/9.1-r5
version/ivanti policy secure/9.1-r6
version/ivanti policy secure/9.1-r7

CVE-2020-8220: Command Injection

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-8220?

How severe is CVE-2020-8220?

Which software versions are affected by CVE-2020-8220?

How can an attacker exploit CVE-2020-8220?

Where can I find more information about CVE-2020-8220?

Company

Resources

Contact