Home

CVE-2020-8206

Description

An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP.

Risk Information

Base Score
8.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.52

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r1Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r2Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r3Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r4Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r4.1Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r4.2Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r4.3Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r5Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r6Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r7Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234