CVE-2020-8240

Summary

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider.

Affected Software

VendorProductVersion RangeStatus
n/aPulse Secure Desktop Client9.1R9affected

Weaknesses

  • Privilege Escalation (CAPEC-233)

ADP Enrichment

CVE Program Container

Additional References

References