CVE-2020-11580
Severity Score
9.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, accepts an arbitrary SSL certificate.
Se detectó un problema en Pulse Secure Pulse Connect Secure (PCS) hasta el 06-04-2020. El applet en el archivo tncc.jar, ejecutado en clientes macOS, Linux y Solaris cuando se aplica una política Host Checker, acepta un certificado de tipo SSL arbitrario.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-04-06 CVE Reserved
- 2020-04-06 CVE Published
- 2023-08-10 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-295: Improper Certificate Validation
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://git.lsd.cat/g/pulse-host-checker-rce | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44426 | 2021-09-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Pulsesecure Search vendor "Pulsesecure" | Pulse Connect Secure Search vendor "Pulsesecure" for product "Pulse Connect Secure" | <= 2020-04-06 Search vendor "Pulsesecure" for product "Pulse Connect Secure" and version " <= 2020-04-06" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Pulsesecure Search vendor "Pulsesecure" | Pulse Connect Secure Search vendor "Pulsesecure" for product "Pulse Connect Secure" | <= 2020-04-06 Search vendor "Pulsesecure" for product "Pulse Connect Secure" and version " <= 2020-04-06" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Pulsesecure Search vendor "Pulsesecure" | Pulse Connect Secure Search vendor "Pulsesecure" for product "Pulse Connect Secure" | <= 2020-04-06 Search vendor "Pulsesecure" for product "Pulse Connect Secure" and version " <= 2020-04-06" | - |
Affected
| in | Oracle Search vendor "Oracle" | Solaris Search vendor "Oracle" for product "Solaris" | - | - |
Safe
|
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | <= 2020-04-06 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version " <= 2020-04-06" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | <= 2020-04-06 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version " <= 2020-04-06" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | <= 2020-04-06 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version " <= 2020-04-06" | - |
Affected
| in | Oracle Search vendor "Oracle" | Solaris Search vendor "Oracle" for product "Solaris" | - | - |
Safe
|