Vulnerabilities > CVE-2020-8240 - Unspecified vulnerability in Pulsesecure Pulse Secure Desktop Client

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

pulsesecure

NVD

Published: 2020-10-28

Updated: 2020-11-03

Summary

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider.

Vulnerable Configurations

Part	Description	Count
Application	Pulsesecure Pulsesecure Pulse Secure Desktop Client 9.1 Pulsesecure Pulse Secure Desktop Client 5.3 Pulsesecure Pulse Secure Desktop Client 5.3R1 Pulsesecure Pulse Secure Desktop Client 5.3R1.1 Pulsesecure Pulse Secure Desktop Client 5.3R2 Pulsesecure Pulse Secure Desktop Client 5.3R3 Pulsesecure Pulse Secure Desktop Client 5.3R4 Pulsesecure Pulse Secure Desktop Client 5.3R4.1 Pulsesecure Pulse Secure Desktop Client 5.3R4.2 Pulsesecure Pulse Secure Desktop Client 5.3R5 Pulsesecure Pulse Secure Desktop Client 5.3R5.2 Pulsesecure Pulse Secure Desktop Client 5.3R6 Pulsesecure Pulse Secure Desktop Client 5.3Rx Pulsesecure Pulse Secure Desktop Client 9.0 Pulsesecure Pulse Secure Desktop Client 9.0R1	44

References

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601