CVE-2020-8241 — Improper Certificate Validation in Pulse Secure Desktop Client

CWE-295 — Improper Certificate Validation3 documents3 sources
Severity
7.5HIGHNVD
EPSS
3.5%
top 12.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Pulsesecure Pulse Secure Desktop Client
Timeline
PublishedOct 28
Latest updateMay 24

Description

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-mfw6-89c3-f897: A vulnerability in the Pulse Secure Desktop Client < 9↗2022-05-24
â–¶
CVEList
CVE-2020-8241: A vulnerability in the Pulse Secure Desktop Client < 9↗2020-10-28
â–¶
CVE-2020-8241 — Improper Certificate Validation | cvebase