How severe is CVE-2020-8240?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Pulsesecure Pulse_secure_desktop_client

Q: What is CVE-2020-8240?

CVE-2020-8240 is a high-severity vulnerability in Pulsesecure Pulse_secure_desktop_client. CVSS score: 7.8/10. Published 2020-10-28.

CVE-2020-8240

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Wind…

EPSS: 0.003 (23.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Pulsesecure Pulse_secure_desktop_client — versions 9.1
N/a Pulse Secure Desktop Client — versions 9.1R9

References

support@hackerone.com (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2020-8240?: CVE-2020-8240 is a high-severity vulnerability in Pulsesecure Pulse_secure_desktop_client. CVSS score: 7.8/10. Published 2020-10-28.
How severe is CVE-2020-8240?: High severity. CVSS v3 base score is 7.8 out of 10.