CVE-2020-8956

moderate-risk

Published 2020-10-27

Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users' passwords if Save Settings is enabled.

Do I need to act?

~

9.2% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

3

CVSS 3.3/10 Low

LOCAL / LOW complexity

Affected Products (11)

Pulse Secure Desktop

Pulse Secure Desktop

Pulse Secure Desktop

Pulse Secure Desktop

Pulse Secure Desktop

Pulse Secure Desktop

Pulse Secure Desktop

Pulse Secure Desktop

Pulse Secure Desktop

Pulse Secure Desktop

Pulse Secure Desktop

Affected Vendors

Pulsesecure

References (2)

Vendor Advisory https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601

Vendor Advisory https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601

39

/ 100

moderate-risk

Severity 13/34 · Low

Exploitability 10/34 · Low

Exposure 16/34 · Moderate