CVE-2020-11581: 
Ivanti Connect Secure vulnerability analysis and mitigation

A critical vulnerability (CVE-2020-11581) was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The vulnerability exists in the applet within tncc.jar, which is executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced. This vulnerability allows a man-in-the-middle attacker to perform OS command injection attacks against a client via shell metacharacters to the doCustomRemediateInstructions method, due to the unsafe use of Runtime.getRuntime().exec() (NVD).

The vulnerability stems from the Host Checker component's implementation in tncc.jar. When a client is found to be non-compliant with security policies, the system attempts to show remediation instructions using the doCustomRemediateInstructions method. This method uses Runtime.getRuntime().exec() without proper input sanitization, allowing command injection through shell metacharacters. The vulnerability received a CVSS v3.1 Base Score of 8.1 HIGH (Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) (NVD, Pulse Advisory).

The vulnerability allows attackers to execute arbitrary OS commands on affected client systems running macOS, Linux, or Solaris operating systems. This can lead to complete system compromise, including potential data theft, system manipulation, and further network penetration (Exploit Details).

Organizations should update their Pulse Connect Secure installations to versions after 2020-04-06 to address this vulnerability. The fix was released through an official security advisory from Pulse Secure (Pulse Advisory).