Vulnerability Description
An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pulsesecure | Pulse Connect Secure | <= 9.1 |
| Pulsesecure | Pulse Secure Desktop Client | 9.1 |
References
- https://kb.pulsesecure.net/?atype=saVendor Advisory
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516Vendor Advisory
- https://kb.pulsesecure.net/?atype=saVendor Advisory
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516Vendor Advisory
FAQ
What is CVE-2020-15408?
CVE-2020-15408 is a vulnerability with a CVSS score of 3.7 (LOW). An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite.
How severe is CVE-2020-15408?
CVE-2020-15408 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-15408?
Check the references section above for vendor advisories and patch information. Affected products include: Pulsesecure Pulse Connect Secure, Pulsesecure Pulse Secure Desktop Client.