Vulnerability Details CVE-2020-8240
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.2%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.9
References
Products affected by CVE-2020-8240
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r1
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r1.1
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r2
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r3
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r4
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r4.1
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r4.2
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r5
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r5.2
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r6
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3rx
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0r1
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1