CVE-2020-8239

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
hackeroneCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
VendorProductVersion
pulsesecurepulse_secure_desktop_client
𝑥
< 9.1
pulsesecurepulse_secure_desktop_client
9.1:r1
pulsesecurepulse_secure_desktop_client
9.1:r2
pulsesecurepulse_secure_desktop_client
9.1:r3
pulsesecurepulse_secure_desktop_client
9.1:r3.1
pulsesecurepulse_secure_desktop_client
9.1:r4
pulsesecurepulse_secure_desktop_client
9.1:r4.1
pulsesecurepulse_secure_desktop_client
9.1:r4.2
pulsesecurepulse_secure_desktop_client
9.1:r5
pulsesecurepulse_secure_desktop_client
9.1:r6
pulsesecurepulse_secure_desktop_client
9.1:r7
pulsesecurepulse_secure_desktop_client
9.1:r7.1
pulsesecurepulse_secure_desktop_client
9.1:r8
pulsesecurepulse_secure_desktop_client
9.1:r8.2
𝑥
= Vulnerable software versions
References
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601