Cyber Resilience

CVE-2020-8243

High · CISA KEV · Active Exploitation · EUVD Exploited · RCE

Published: 30 September 2020

Modified: 18 December 2025
KEV Added: 03 November 2021
Patch
CVSS Score v3.1: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.2054 (95.7th percentile)
Risk Priority: 47 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2020-8243 is a high-severity Code Injection (CWE-94) vulnerability in Ivanti Connect Secure. Its CVSS base score is 7.2 (High).

Operationally, it ranks in the top 4.3% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-5 (Access Restrictions for Change) and SI-2 (Flaw Remediation).

Deeper analysis

A vulnerability tracked as CVE-2020-8243 exists in the admin web interface of Pulse Connect Secure versions prior to 9.1R8.2. The flaw, categorized under CWE-94, permits an authenticated attacker to upload a custom template that results in arbitrary code execution on the affected system. It carries a CVSS 3.1 base score of 7.2 with network attack vector, low complexity, and high impact on confidentiality, integrity, and availability.

An attacker who already possesses valid administrative credentials can exploit the issue remotely through the web interface. Successful exploitation grants the ability to run arbitrary code, which can lead to full compromise of the Pulse Connect Secure appliance.

The vendor published remediation guidance in security advisory SA44588, and the vulnerability appears in CISA's catalog of known exploited vulnerabilities, indicating confirmed in-the-wild use.

Vulnerability details

A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload a custom template to perform arbitrary code execution.

CWE(s)
KEV Date Added: 03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

ivanti connect secure: 9.1 · ≤ 9.0
ivanti policy secure: 9.1 · ≤ 9.0

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly requires timely installation of the vendor patch (SA44588) that eliminates the template-upload code-execution flaw.

Prevent: Enforces access restrictions on configuration changes, blocking an authenticated admin from uploading arbitrary templates that execute code.

Detect: Requires integrity verification of software and templates, enabling detection of unauthorized code introduced through the vulnerable upload path.
