Unrated severityNVD Advisory· Published Jul 27, 2020· Updated Aug 4, 2024
CVE-2020-12880
CVE-2020-12880
Description
An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessible because the appliance has its hard disks encrypted, and no root shell is available during normal operation.)
Affected products
3- Pulse Secure/Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliancedescription
- Range: <9.1R8
- Range: <9.1R8
Patches
Vulnerability mechanics
References
2- kb.pulsesecure.netmitrex_refsource_MISC
- kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.