SB2020040916 - Multiple vulnerabilities in Pulse Connect Secure and Pulse Policy Secure
Published: April 9, 2020 Updated: April 22, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Improper Certificate Validation (CVE-ID: CVE-2020-11580)
The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.
The vulnerability exists due to tncc.jar applet accept an arbitrary SSL certificate. A remote attacker can perform a MitM attack.
2) OS Command Injection (CVE-ID: CVE-2020-11581)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to insufficient validation of user-supplied input in doCustomRemediateInstructions methodm when the Host Checker policy is enforced. A remote attacker with ability to perform MitM attack (see vulnerability #1) can inject and execute arbitrary OS commands on the client system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-11582)
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to the applet in tncc.jar launches a TCP server that accepts local connections on a random port and can be reached by local HTTP clients. A remote attacker can use this issue to gather information from the system or perform further interactions with the victim's system.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.