CVE-2020-8240 (GCVE-0-2020-8240)
Vulnerability from cvelistv5
Published
2020-10-28 12:41
Modified
2024-08-04 09:56
Severity ?
CWE
  • Privilege Escalation (CAPEC-233)
Summary
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider.
References
Impacted products
Vendor Product Version
n/a Pulse Secure Desktop Client Version: 9.1R9
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:27.681Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pulse Secure Desktop Client",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "9.1R9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Pulse Secure Desktop Client \u003c 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Privilege Escalation (CAPEC-233)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-28T12:41:44",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8240",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Pulse Secure Desktop Client",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.1R9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Pulse Secure Desktop Client \u003c 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Privilege Escalation (CAPEC-233)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
              "refsource": "MISC",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8240",
    "datePublished": "2020-10-28T12:41:44",
    "dateReserved": "2020-01-28T00:00:00",
    "dateUpdated": "2024-08-04T09:56:27.681Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-8240\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2020-10-28T13:15:12.387\",\"lastModified\":\"2024-11-21T05:38:34.300\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the Pulse Secure Desktop Client \u003c 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en Pulse Secure Desktop Client versiones anteriores a 9.1R9, permite que un usuario restringido en una m\u00e1quina endpoint pueda usar privilegios de nivel system si el Embedded Browser est\u00e1 configurado con Credential Provider.\u0026#xa0;Esta vulnerabilidad solo afecta Windows PDC si el Embedded Browser est\u00e1 configurado con el Credential Provider\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"9.1\",\"matchCriteriaId\":\"F3BBCA2A-A964-4B88-84D2-09199D7830D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r1:*:*:*:windows:*:*\",\"matchCriteriaId\":\"5D8D50A3-4BCA-424C-80A6-FB748505E322\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r2:*:*:*:windows:*:*\",\"matchCriteriaId\":\"4582A0E1-A8CE-41F1-B66B-093B6A6B0C5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3:*:*:*:windows:*:*\",\"matchCriteriaId\":\"E752E4C2-30CB-46D1-A785-49EDF2A15248\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3.1:*:*:*:windows:*:*\",\"matchCriteriaId\":\"75017203-FA52-4C5D-9B9C-E38F26852BB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4:*:*:*:windows:*:*\",\"matchCriteriaId\":\"C6460E3E-758A-41AC-A1A3-7288B5030C0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.1:*:*:*:windows:*:*\",\"matchCriteriaId\":\"D16AD2E8-9C7D-4EA2-8AF1-881546E97D75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.2:*:*:*:windows:*:*\",\"matchCriteriaId\":\"FFB49374-0F24-41BA-BC44-51DC22D27B0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r5:*:*:*:windows:*:*\",\"matchCriteriaId\":\"3996F908-D6EE-461B-8A2B-BF2FD94BB776\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r6:*:*:*:windows:*:*\",\"matchCriteriaId\":\"F51DF92D-EEEC-4F2D-902C-6084201CAF05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7:*:*:*:windows:*:*\",\"matchCriteriaId\":\"A502DBE4-F14E-4115-8AFE-12D47AEAFEF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7.1:*:*:*:windows:*:*\",\"matchCriteriaId\":\"EC134B99-2DDE-43F1-9808-A4AC4FDD943E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8:*:*:*:windows:*:*\",\"matchCriteriaId\":\"A34AEAC3-082E-4EA3-B46B-782F11053F15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8.2:*:*:*:windows:*:*\",\"matchCriteriaId\":\"32465036-9876-4AAD-86A0-C5503C0C55F4\"}]}]}],\"references\":[{\"url\":\"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601\",\"source\":\"support@hackerone.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.