7
CVE-2020-13162
- EPSS 0.35%
- Published 16.06.2020 20:15:13
- Last modified 05.05.2025 17:15:58
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges.
Data is provided by the National Vulnerability Database (NVD)
Pulsesecure ≫ Pulse Secure Desktop Client Version5.3 Updater1.0 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version5.3 Updater1.1 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version5.3 Updater2.0 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version5.3 Updater3.0 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version5.3 Updater4.1 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version5.3 Updater4.2 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version5.3 Updater5.0 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version5.3 Updater5.2 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version5.3 Updater6.0 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version5.3 Updater7.0 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version9.0 Updater1.0 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version9.0 Updater2 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version9.0 Updater2.1 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version9.0 Updater3 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version9.0 Updater3.2 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version9.0 Updater4 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version9.0 Updater4.0 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version9.0 Updater5.0 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version9.0 Updater6.0 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version9.1 Updater1.0 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version9.1 Updater2.0 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version9.1 Updater3.0 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version9.1 Updater3.1 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version9.1 Updater4.0 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version9.1 Updater4.1 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version9.1 Updater4.2 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version9.1 Updater5.0 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version9.1 Updater6.0 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Desktop Client Version9.1 Updater7.0 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Installer Service Version8.3 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Installer Service Version9.1 SwPlatformwindows
Pulsesecure ≫ Pulse Secure Installer Service Version9.1 Updater5.0 SwPlatformwindows
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.542 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7 | 1 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.9 | 3.4 | 10 |
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7 | 1 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.