What is CVE-2020-8255?

CVE-2020-8255 is a medium-severity vulnerability in Pulsesecure Pulse_secure_desktop_client, classified under Improper Input Validation. CVSS score: 4.9/10. Published 2020-10-28.

How severe is CVE-2020-8255?

Medium severity. CVSS v3 base score is 4.9 out of 10.

Is CVE-2020-8255 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Pulsesecure Pulse_secure_desktop_client

CVE-2020-8255

A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.023 (80.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.9 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N.

Affected products

Pulsesecure Pulse_secure_desktop_client — versions 9.1
N/a Pulse Connect Secure / Policy — versions 9.1R9

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

support@hackerone.com (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2020-8255?: CVE-2020-8255 is a medium-severity vulnerability in Pulsesecure Pulse_secure_desktop_client, classified under Improper Input Validation. CVSS score: 4.9/10. Published 2020-10-28.
How severe is CVE-2020-8255?: Medium severity. CVSS v3 base score is 4.9 out of 10.
Is CVE-2020-8255 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.