CVE-2020-15408

An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.7 LOW
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
mitreCNA
3.7 LOW
NETWORK
HIGH
LOW
CVSS:3.1/AC:H/AV:N/A:N/C:L/I:L/PR:L/S:U/UI:R
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
pulsesecurepulse_connect_secure
𝑥
≤ 9.1
pulsesecurepulse_secure_desktop_client
9.1:r1.0
pulsesecurepulse_secure_desktop_client
9.1:r2.0
pulsesecurepulse_secure_desktop_client
9.1:r3.0
pulsesecurepulse_secure_desktop_client
9.1:r3.1
pulsesecurepulse_secure_desktop_client
9.1:r4.0
pulsesecurepulse_secure_desktop_client
9.1:r4.1
pulsesecurepulse_secure_desktop_client
9.1:r4.2
pulsesecurepulse_secure_desktop_client
9.1:r5.0
pulsesecurepulse_secure_desktop_client
9.1:r6.0
pulsesecurepulse_secure_desktop_client
9.1:r7.0
𝑥
= Vulnerable software versions
References
https://kb.pulsesecure.net/?atype=sa
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516
https://kb.pulsesecure.net/?atype=sa
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516