7

CVE-2020-13162

Exploit
A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PulsesecurePulse Secure Desktop Client Version5.3 Updater1.0 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version5.3 Updater1.1 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version5.3 Updater2.0 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version5.3 Updater3.0 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version5.3 Updater4.1 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version5.3 Updater4.2 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version5.3 Updater5.0 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version5.3 Updater5.2 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version5.3 Updater6.0 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version5.3 Updater7.0 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.0 Updater1.0 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.0 Updater2 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.0 Updater2.1 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.0 Updater3 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.0 Updater3.2 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.0 Updater4 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.0 Updater4.0 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.0 Updater5.0 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.0 Updater6.0 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.1 Updater1.0 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.1 Updater2.0 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.1 Updater3.0 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.1 Updater3.1 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.1 Updater4.0 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.1 Updater4.1 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.1 Updater4.2 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.1 Updater5.0 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.1 Updater6.0 SwPlatformwindows
PulsesecurePulse Secure Desktop Client Version9.1 Updater7.0 SwPlatformwindows
PulsesecurePulse Secure Installer Service Version8.3 SwPlatformwindows
PulsesecurePulse Secure Installer Service Version9.1 SwPlatformwindows
PulsesecurePulse Secure Installer Service Version9.1 Updater5.0 SwPlatformwindows
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.79% 0.515
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7 1 5.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7 1 5.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

https://kb.pulsesecure.net/?atype=sa
Vendor Advisory
http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-Privilege-Escalation.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2020/Jun/25
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2020/Sep/15
Third Party Advisory
Mailing List
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503
Vendor Advisory
https://twitter.com/gsepcali/status/1262551597990711296
Third Party Advisory
https://twitter.com/gsepcali/status/1272927080909623297
Third Party Advisory
https://twitter.com/sepcali/status/1262551597990711296
Third Party Advisory
https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/
Third Party Advisory
Exploit