7.8

CVE-2020-8240

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider.

Data is provided by the National Vulnerability Database (NVD)
PulsesecurePulse Secure Desktop Client SwPlatformwindows Version < 9.1
PulsesecurePulse Secure Desktop Client Version9.1 Updater1 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.1 Updater2 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.1 Updater3 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.1 Updater3.1 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.1 Updater4 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.1 Updater4.1 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.1 Updater4.2 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.1 Updater5 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.1 Updater6 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.1 Updater7 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.1 Updater7.1 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.1 Updater8 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.1 Updater8.2 SwPlatformwindows
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.102
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C