What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2020-8261.

What is the affected software?

The affected software is Pulse Connect Secure / Pulse Policy Secure versions < 9.1R9.

Is this vulnerability easy to exploit?

The severity level of this vulnerability is medium (CVSS score of 4.3), indicating it may not be easy to exploit.

What is the potential impact of this vulnerability?

This vulnerability allows for arbitrary cookie injection, which can lead to authentication bypass or session hijacking.

How can I fix this vulnerability?

To fix this vulnerability, it is recommended to update to Pulse Connect Secure / Pulse Policy Secure version 9.1R9 or later.

Vulnerability/
CVE-2020-8261

medium

4.3

CWE

120

28/10/2020

27/2/2024

CVE-2020-8261

Q: Is this vulnerability easy to exploit?

The severity level of this vulnerability is medium (CVSS score of 4.3), indicating it may not be easy to exploit.

Q: What is the potential impact of this vulnerability?

This vulnerability allows for arbitrary cookie injection, which can lead to authentication bypass or session hijacking.

Q: How can I fix this vulnerability?

To fix this vulnerability, it is recommended to update to Pulse Connect Secure / Pulse Policy Secure version 9.1R9 or later.

First published: Wed Oct 28 2020(Updated: )

A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.

Credit: support@hackerone.com support@hackerone.com

Affected Software	Affected Version	How to fix
Pulsesecure Pulse Connect Secure	<9.1
Pulsesecure Pulse Connect Secure	=9.1-r1
Pulsesecure Pulse Connect Secure	=9.1-r2
Pulsesecure Pulse Connect Secure	=9.1-r3
Pulsesecure Pulse Connect Secure	=9.1-r4
Pulsesecure Pulse Connect Secure	=9.1-r5
Pulsesecure Pulse Connect Secure	=9.1-r6
Pulsesecure Pulse Connect Secure	=9.1-r7
Pulsesecure Pulse Connect Secure	=9.1-r8
Pulsesecure Pulse Policy Secure	<9.1
Pulsesecure Pulse Policy Secure	=9.1-r1
Pulsesecure Pulse Policy Secure	=9.1-r2
Pulsesecure Pulse Policy Secure	=9.1-r3
Pulsesecure Pulse Policy Secure	=9.1-r4
Pulsesecure Pulse Policy Secure	=9.1-r5
Pulsesecure Pulse Policy Secure	=9.1-r6
Pulsesecure Pulse Policy Secure	=9.1-r7
Pulsesecure Pulse Policy Secure	=9.1-r8
Ivanti Connect Secure	=9.1-r1
Ivanti Connect Secure	=9.1-r2
Ivanti Connect Secure	=9.1-r3
Ivanti Connect Secure	=9.1-r4
Ivanti Connect Secure	=9.1-r5
Ivanti Connect Secure	=9.1-r6
Ivanti Connect Secure	=9.1-r7
Ivanti Connect Secure	=9.1-r8
Ivanti Policy Secure	=9.1-r1
Ivanti Policy Secure	=9.1-r2
Ivanti Policy Secure	=9.1-r3
Ivanti Policy Secure	=9.1-r4
Ivanti Policy Secure	=9.1-r5
Ivanti Policy Secure	=9.1-r6
Ivanti Policy Secure	=9.1-r7
Ivanti Policy Secure	=9.1-r8

Never miss a vulnerability like this again

Reference Links

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-8261.
What is the affected software?
The affected software is Pulse Connect Secure / Pulse Policy Secure versions < 9.1R9.
Is this vulnerability easy to exploit?
The severity level of this vulnerability is medium (CVSS score of 4.3), indicating it may not be easy to exploit.
What is the potential impact of this vulnerability?
This vulnerability allows for arbitrary cookie injection, which can lead to authentication bypass or session hijacking.
How can I fix this vulnerability?
To fix this vulnerability, it is recommended to update to Pulse Connect Secure / Pulse Policy Secure version 9.1R9 or later.

collector/nvd-index
agent/type
agent/first-publish-date
agent/references
agent/author
agent/last-modified-date
agent/severity
agent/weakness
agent/softwarecombine
agent/tags
agent/description
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/pulsesecure
canonical/pulsesecure pulse connect secure
version/pulsesecure pulse connect secure/9.1-r1
version/pulsesecure pulse connect secure/9.1-r2
version/pulsesecure pulse connect secure/9.1-r3
version/pulsesecure pulse connect secure/9.1-r4
version/pulsesecure pulse connect secure/9.1-r5
version/pulsesecure pulse connect secure/9.1-r6
version/pulsesecure pulse connect secure/9.1-r7
version/pulsesecure pulse connect secure/9.1-r8
canonical/pulsesecure pulse policy secure
version/pulsesecure pulse policy secure/9.1-r1
version/pulsesecure pulse policy secure/9.1-r2
version/pulsesecure pulse policy secure/9.1-r3
version/pulsesecure pulse policy secure/9.1-r4
version/pulsesecure pulse policy secure/9.1-r5
version/pulsesecure pulse policy secure/9.1-r6
version/pulsesecure pulse policy secure/9.1-r7
version/pulsesecure pulse policy secure/9.1-r8
vendor/ivanti
canonical/ivanti connect secure
version/ivanti connect secure/9.1-r1
version/ivanti connect secure/9.1-r2
version/ivanti connect secure/9.1-r3
version/ivanti connect secure/9.1-r4
version/ivanti connect secure/9.1-r5
version/ivanti connect secure/9.1-r6
version/ivanti connect secure/9.1-r7
version/ivanti connect secure/9.1-r8
canonical/ivanti policy secure
version/ivanti policy secure/9.1-r1
version/ivanti policy secure/9.1-r2
version/ivanti policy secure/9.1-r3
version/ivanti policy secure/9.1-r4
version/ivanti policy secure/9.1-r5
version/ivanti policy secure/9.1-r6
version/ivanti policy secure/9.1-r7
version/ivanti policy secure/9.1-r8