Published: 28/10/2020 Updated: 17/08/2021

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC.

Vulnerable Product	Search on Vulmon	Subscribe to Product
pulsesecure pulse secure desktop client
pulsesecure pulse secure desktop client 9.1

Pulse Secure VPN mitm Research - CVE-2020-8241, CVE-2020-8239

pulse-secure-vpn-mitm-research Pulse Secure mitm research Release date Joint release date with vendor: 26 Oct 2020 Author David Kierznowski, @withdk Credits Sahil Mahajan from the Pulse Secure PSIRT Team for support throughout the disclosure process Alyssa Herrera, Justin Wagner, and Mimir, and Rich Warren for their write-up, "Red Teamer’s Guide to Pulse Secure SSL

Pulse Secure VPN mitm Research - CVE-2020-8241, CVE-2020-8239

pulse-secure-vpn-mitm-research Pulse Secure mitm research Release date Joint release date with vendor: 26 Oct 2020 Author David Kierznowski, @withdk Credits Sahil Mahajan from the Pulse Secure PSIRT Team for support throughout the disclosure process Alyssa Herrera, Justin Wagner, and Mimir, and Rich Warren for their write-up, "Red Teamer’s Guide to Pulse Secure SSL

NVD-CWE-noinfo https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 https://nvd.nist.gov https://github.com/withdk/pulse-secure-vpn-mitm-research

CVE-2020-8239

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect