Recently, a Perl template injection vulnerability that leads to Remote Code Execution (RCE) was observed in Pulse Connect Secure (PCS) appliances, which was identified as CVE-2020-8243. Credits to identify this CVE goes to Richard Warren and David Cash of NCC group. An authenticated user would be able to inject arbitrary code if the user has … Continue reading “Pulse Connect Secure authenticated RCE vulnerability (CVE-2020-8243)”