CVE-2020-8248 | ByteOS Network

Vulnerability Details :

CVE-2020-8248

Assigner-hackerone

Assigner Org ID-36234546-b8fa-4601-9d6f-f4e334aa8ea1

Published At-28 Oct, 2020 | 12:40

Updated At-04 Aug, 2024 | 09:56

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:hackerone

Assigner Org ID:36234546-b8fa-4601-9d6f-f4e334aa8ea1

Published At:28 Oct, 2020 | 12:40

Updated At:04 Aug, 2024 | 09:56

▼CVE Numbering Authority (CNA)

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.

Affected Products

Vendor

Product

Pulse Secure Desktop Client

Versions

Affected

9.1R9

Problem Types

Type	CWE ID	Description
text	N/A	Privilege Escalation (CAPEC-233)

Type: text

CWE ID: N/A

Description: Privilege Escalation (CAPEC-233)

References

Hyperlink	Resource
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601	x_refsource_MISC

Hyperlink: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601	x_refsource_MISC x_transferred

Hyperlink: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601

Resource:

x_refsource_MISC

x_transferred

▼National Vulnerability Database (NVD)

Source:support@hackerone.com

Published At:28 Oct, 2020 | 13:15

Updated At:17 Aug, 2021 | 16:35

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.1

Base score: 7.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 4.6

Base severity: MEDIUM

Vector:

AV:L/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

>>pulse_secure_desktop_client>>Versions before 9.1(exclusive)

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:*:*:*:*:*:linux:*:*

>>pulse_secure_desktop_client>>9.1

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r1:*:*:*:linux:*:*

>>pulse_secure_desktop_client>>9.1

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r2:*:*:*:linux:*:*

>>pulse_secure_desktop_client>>9.1

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3:*:*:*:linux:*:*

>>pulse_secure_desktop_client>>9.1

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3.1:*:*:*:linux:*:*

>>pulse_secure_desktop_client>>9.1

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4:*:*:*:linux:*:*

>>pulse_secure_desktop_client>>9.1

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.1:*:*:*:linux:*:*

>>pulse_secure_desktop_client>>9.1

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.2:*:*:*:linux:*:*

>>pulse_secure_desktop_client>>9.1

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r5:*:*:*:linux:*:*

>>pulse_secure_desktop_client>>9.1

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r6:*:*:*:linux:*:*

>>pulse_secure_desktop_client>>9.1

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7:*:*:*:linux:*:*

>>pulse_secure_desktop_client>>9.1

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7.1:*:*:*:linux:*:*

>>pulse_secure_desktop_client>>9.1

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8:*:*:*:linux:*:*

>>pulse_secure_desktop_client>>9.1

cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8.2:*:*:*:linux:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601	support@hackerone.com	Vendor Advisory

Hyperlink: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601

Source: support@hackerone.com

Resource:

Vendor Advisory

Similar CVEs

6Records found

Matching Score-8

Assigner-HackerOne

Matching Score-8

Assigner-HackerOne

CVSS Score-7.8||HIGH

EPSS-0.35% / 56.94%

||

7 Day CHG~0.00%

Published-28 Oct, 2020 | 12:41

Updated-04 Aug, 2024 | 09:56

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.

Vendor-n/a Pulse Secure

Product-pulse_secure_desktop_client Pulse Secure Desktop Client

Matching Score-8

Assigner-HackerOne

Matching Score-8

Assigner-HackerOne

CVSS Score-7.8||HIGH

EPSS-0.04% / 13.30%

||

7 Day CHG~0.00%

Published-28 Oct, 2020 | 12:41

Updated-04 Aug, 2024 | 09:56

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider.

Vendor-n/a Pulse Secure

Product-pulse_secure_desktop_client Pulse Secure Desktop Client

Matching Score-8

Assigner-HackerOne

Matching Score-8

Assigner-HackerOne

CVSS Score-7.8||HIGH

EPSS-0.65% / 70.38%

||

7 Day CHG~0.00%

Published-28 Oct, 2020 | 12:40

Updated-04 Aug, 2024 | 09:56

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow.

Vendor-n/a Pulse Secure

Product-pulse_secure_desktop_client Pulse Secure Desktop Client

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Matching Score-8

Assigner-MITRE Corporation

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-7.8||HIGH

EPSS-0.06% / 17.75%

||

7 Day CHG~0.00%

Published-06 Sep, 2018 | 23:00

Updated-05 Aug, 2024 | 10:10

The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerability.

Vendor-n/a Pulse Secure

Product-pulse_secure_desktop_client n/a

Matching Score-8

Assigner-MITRE Corporation

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-6.8||MEDIUM

EPSS-0.03% / 8.27%

||

7 Day CHG~0.00%

Published-06 Sep, 2018 | 23:00

Updated-05 Aug, 2024 | 10:17

In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust.

Vendor-n/a Pulse Secure

Product-pulse_secure_desktop_client n/a

CWE ID-CWE-295

Improper Certificate Validation

Matching Score-8

Assigner-MITRE Corporation

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-5.3||MEDIUM

EPSS-0.15% / 35.85%

||

7 Day CHG~0.00%

Published-06 Sep, 2018 | 23:00

Updated-05 Aug, 2024 | 10:01

The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability.

Vendor-n/a Pulse Secure

Product-pulse_secure_desktop_client n/a

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')