Vulnerability Details CVE-2020-8254
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):Disable Dynamic certificate trust for PDC.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 80.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
Products affected by CVE-2020-8254
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r1
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r1.1
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r2
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r3
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r4
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r4.1
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r4.2
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r5
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r5.2
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r6
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3rx
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0r1
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1