CVE-2020-8254

HIGH

Pulse Secure Desktop Client <9.1R9 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-8254. PoCs published by mbadanoiu.

AI-analyzed exploit summary The repository lacks actual exploit code and instead redirects users to an external PDF for details, which is a common tactic in suspicious repos. It mentions user interaction requirements but provides no technical depth or PoC code.

Description

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):Disable Dynamic certificate trust for PDC.

Exploits (1)

nomisec SUSPICIOUS
by mbadanoiu · poc
https://github.com/mbadanoiu/CVE-2020-8254

The repository lacks actual exploit code and instead redirects users to an external PDF for details, which is a common tactic in suspicious repos. It mentions user interaction requirements but provides no technical depth or PoC code.

Classification
Suspicious 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Pulse Secure Desktop Client < 9.1R9
No auth needed
Prerequisites: User interaction (victim must accept a malicious 'Host Checker' download)
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 8.8
EPSS 0.0203
EPSS Percentile 78.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-22 CWE-23
Status published
Products (2)
pulsesecure/pulse_secure_desktop_client 9.1 r1 (13 CPE variants)
pulsesecure/pulse_secure_desktop_client < 9.1
Published Oct 28, 2020
Tracked Since Feb 18, 2026