![]() ![]() An administrator can also disable “Allow saving logon information” under Pulse Secure Connection Set Options to mitigate this issue. This issue was fixed in 9.1R4 and the above versions to enhance the security. This vulnerability only affects Windows PDC. The malicious actor can decrypt the saved password if the “Save settings” option is selected in the client while entering the password. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC.ģ.8 Low CVSS:3.0/ AV:L /AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N Pulse Secure Desktop Client is vulnerable to client registry privilege escalation attack. To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):ĥ.9 Medium CVSS:3.0/ AV:N /AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N ![]() Pulse Secure Desktop Client has Remote Code Execution (RCE) if users are convinced to connect to a malicious server. An administrator can disable either one of the options to mitigate this issue.Ħ.8 Medium CVSS:3.0/ AV:N /AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H This vulnerability is only exploitable when Embedded Browser is configured along with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |