CVE-2020-11582

Published: Apr 6, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, launches a TCP server that accepts local connections on a random port. This can be reached by local HTTP clients, because up to 25 invalid lines are ignored, and because DNS rebinding can occur. (This server accepts, for example, a setcookie command that might be relevant to CVE-2020-11581 exploitation.)

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://git.lsd.cat/g/pulse-host-checker-rce

x_refsource_MISC

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44426

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-11582

Description

Affected Products

References