A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.
Threat-Mapped Scoring
Score: 1.8
Priority: P4 - Informational (Low)
S9 – Sabotage of System/App
EPSS
Score: 0.91071 Percentile:
0.99618
CVSS Scoring
CVSS v3.1 Score: 7.2
Severity: HIGH
KEV is present
Mapped CWE(s)
CWE-94
: Improper Control of Generation of Code ('Code Injection')
All CAPEC(s)
CAPEC-242: Code Injection
CAPEC-35: Leverage Executable Code in Non-Executable Files
CAPEC-77: Manipulating User-Controlled Variables
CAPEC(s) with Mapped TTPs
CAPEC-35: Leverage Executable Code in Non-Executable Files
Mapped TTPs: