CVE-2020-8241

HIGH

Pulse Secure Desktop Client < 9.1R9 - Man In The Middle

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-8241. PoCs published by withdk.

AI-analyzed exploit summary This repository contains a functional proof-of-concept tool (`rogue-pulse-svr.py`) that demonstrates a man-in-the-middle attack against Pulse Secure VPN clients, leveraging CVE-2020-8241 to achieve remote code execution with SYSTEM privileges. The PoC includes features like credential theft, UNC path execution, and registry manipulation via host compliance checks.

Description

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server.

Exploits (1)

nomisec WORKING POC 24 stars
by withdk · poc
https://github.com/withdk/pulse-secure-vpn-mitm-research

This repository contains a functional proof-of-concept tool (`rogue-pulse-svr.py`) that demonstrates a man-in-the-middle attack against Pulse Secure VPN clients, leveraging CVE-2020-8241 to achieve remote code execution with SYSTEM privileges. The PoC includes features like credential theft, UNC path execution, and registry manipulation via host compliance checks.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Pulse Connect Secure (PCS) VPN Client
No auth needed
Prerequisites: Man-in-the-middle position on the network · User must accept a certificate warning · Default configuration with 'dynamic-trust' enabled
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 7.5
EPSS 0.0174
EPSS Percentile 74.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published
Products (2)
pulsesecure/pulse_secure_desktop_client 9.1 r1 (13 CPE variants)
pulsesecure/pulse_secure_desktop_client < 9.1
Published Oct 28, 2020
Tracked Since Feb 18, 2026