Summary
| Detail | |||
|---|---|---|---|
| Vendor | Pulsesecure | First view | 2020-06-16 |
| Product | Pulse Secure Desktop Client | Last view | 2020-10-28 |
| Version | 9.0 | Type | Application |
| Update | r6.0 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | windows | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:pulsesecure:pulse_secure_desktop_client | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.4 | 2020-10-28 | CVE-2020-8263 | A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file. |
| 7.2 | 2020-10-28 | CVE-2020-8260 | A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction. |
| 4.9 | 2020-10-28 | CVE-2020-8255 | A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages. |
| 8.8 | 2020-10-28 | CVE-2020-8254 | A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):Disable Dynamic certificate trust for PDC. |
| 7.8 | 2020-10-28 | CVE-2020-8250 | A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. |
| 7.8 | 2020-10-28 | CVE-2020-8249 | A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow. |
| 7.8 | 2020-10-28 | CVE-2020-8248 | A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. |
| 7.5 | 2020-10-28 | CVE-2020-8241 | A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server. |
| 7.8 | 2020-10-28 | CVE-2020-8240 | A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider. |
| 9.8 | 2020-10-28 | CVE-2020-8239 | A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC. |
| 7 | 2020-06-16 | CVE-2020-13162 | A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 20% (1) | CWE-434 | Unrestricted Upload of File with Dangerous Type |
| 20% (1) | CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
| 20% (1) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 20% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 20% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
