CVE-2020-8248

HIGH

Pulse Secure Desktop Client (Linux) < 9.1R9 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-8248. PoCs published by mbadanoiu.

AI-analyzed exploit summary The repository provides a technical analysis of CVE-2020-8248, detailing how the Pulse Secure VPN Linux client's SUID executable 'pulsesvc' unsafely uses wildcards in a zip command, leading to privilege escalation. The README references an external PDF for exploitation details but lacks direct exploit code.

Description

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.

Exploits (1)

nomisec WRITEUP

by mbadanoiu · poc

https://github.com/mbadanoiu/CVE-2020-8248

View Code ZIP pw:eip

The repository provides a technical analysis of CVE-2020-8248, detailing how the Pulse Secure VPN Linux client's SUID executable 'pulsesvc' unsafely uses wildcards in a zip command, leading to privilege escalation. The README references an external PDF for exploitation details but lacks direct exploit code.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: Pulse Secure VPN Linux Client

Auth required

Prerequisites: Access to a user-controlled folder (~/.pulse_secure/pulse/) · Ability to write crafted filenames · Post-authentication access to the Pulse VPN client

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601

Scores

CVSS v3 7.8

EPSS 0.0048

EPSS Percentile 37.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (2)

pulsesecure/pulse_secure_desktop_client 9.1 r1 (13 CPE variants)

pulsesecure/pulse_secure_desktop_client < 9.1

Published Oct 28, 2020

Tracked Since Feb 18, 2026