CVE-2020-8243
Published: 30 September 2020
Summary
CVE-2020-8243 is a high-severity Code Injection (CWE-94) vulnerability in Ivanti Connect Secure. Its CVSS base score is 7.2 (High).
Operationally, ranked in the top 4.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-5 (Access Restrictions for Change) and SI-2 (Flaw Remediation).
Deeper analysis
A vulnerability tracked as CVE-2020-8243 exists in the admin web interface of Pulse Connect Secure versions prior to 9.1R8.2. The flaw, categorized under CWE-94, permits an authenticated attacker to upload a custom template that results in arbitrary code execution on the affected system. It carries a CVSS 3.1 base score of 7.2 with network attack vector, low complexity, and high impact on confidentiality, integrity, and availability.
An attacker who already possesses valid administrative credentials can exploit the issue remotely through the web interface. Successful exploitation grants the ability to run arbitrary code, which can lead to full compromise of the Pulse Connect Secure appliance.
The vendor published remediation guidance in security advisory SA44588, and the vulnerability appears in CISA's catalog of known exploited vulnerabilities, indicating confirmed in-the-wild use.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-29114
Vulnerability details
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution.
- CWE(s)
- KEV Date Added
- 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely installation of the vendor patch (SA44588) that eliminates the template-upload code-execution flaw.
Enforces access restrictions on configuration changes, blocking an authenticated admin from uploading arbitrary templates that execute code.
Requires integrity verification of software and templates, enabling detection of unauthorized code introduced through the vulnerable upload path.