CVE-2020-8240 — Pulse Secure Desktop Client vulnerability

3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 86.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pulsesecure Pulse Secure Desktop Client

Timeline

PublishedOct 28

Latest updateMay 24

Description

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDpulsesecure/pulse_secure_desktop_client< 9.1+1

▶CVEListV5pulsesecure/pulse_secure_desktop_client9.1R9

🔴Vulnerability Details

GHSA

GHSA-w6wj-pwwx-72q5: A vulnerability in the Pulse Secure Desktop Client < 9↗2022-05-24

▶

CVEList

CVE-2020-8240: A vulnerability in the Pulse Secure Desktop Client < 9↗2020-10-28

▶