Unrated severityNVD Advisory· Published Apr 6, 2020· Updated Aug 4, 2024
CVE-2020-11581
CVE-2020-11581
Description
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, allows a man-in-the-middle attacker to perform OS command injection attacks (against a client) via shell metacharacters to the doCustomRemediateInstructions method, because Runtime.getRuntime().exec() is used.
Affected products
2- Pulse Secure/Pulse Connect Securedescription
- Range: <= 2020-04-06
Patches
Vulnerability mechanics
References
1- kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44426mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.