Vulnerabilities > CVE-2020-8240 - Unspecified vulnerability in Pulsesecure Pulse Secure Desktop Client

CVSS 6.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

pulsesecure

NVD

Published: 2020-10-28

Updated: 2020-11-03

Summary

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider.

Vulnerable Configurations

Part	Description	Count
Application	Pulsesecure Pulsesecure Pulse Secure Desktop Client 5.3 Pulsesecure Pulse Secure Desktop Client 5.3R1 Pulsesecure Pulse Secure Desktop Client 5.3R1.1 Pulsesecure Pulse Secure Desktop Client 5.3R2 Pulsesecure Pulse Secure Desktop Client 5.3R3 Pulsesecure Pulse Secure Desktop Client 5.3R4 Pulsesecure Pulse Secure Desktop Client 5.3R4.1 Pulsesecure Pulse Secure Desktop Client 5.3R4.2 Pulsesecure Pulse Secure Desktop Client 5.3Rx Pulsesecure Pulse Secure Desktop Client 9.0 Pulsesecure Pulse Secure Desktop Client 9.0R1 Pulsesecure Pulse Secure Desktop Client 9.1	41

References

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601