PT-2020-20051 · Pulse Secure · Pulse Secure Desktop Client

Published: 2020-10-28 · Updated: 2020-11-03 · CVE-2020-8240

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Pulse Secure Desktop Client versions prior to 9.1R9

Description

A vulnerability allows a restricted user on an endpoint machine to use system-level privileges if the Embedded Browser is configured with Credential Provider. This issue only affects Windows Pulse Secure Desktop Client when the Embedded Browser is set up with the Credential Provider.

Recommendations

For Pulse Secure Desktop Client versions prior to 9.1R9, update to version 9.1R9 or later to resolve the issue. As a temporary workaround, consider disabling the Embedded Browser's Credential Provider configuration until a patch is available.

Fix

Related Identifiers

CVE-2020-8240

Affected Products

Pulse Secure Desktop Client