← Back

CVE-2020-13162

nvd nist
Published: Jun 16, 2020Modified: May 5, 2025

JSON object

Loading...
7.0
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 / Impact: 5.9
Source: NVD

Description

A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges.

Affected (32)

Pulsesecure
2 products
Pulse Secure Desktop Client
Pulse Secure Installer Service
Configuration A
32 vulnerable
Vulnerable SoftwareAffected Versions
Pulsesecure
Pulse Secure Desktop Client
Version 5.3 r1.0
Pulse Secure Desktop Client
Version 5.3 r1.1
Pulse Secure Desktop Client
Version 5.3 r2.0
Pulse Secure Desktop Client
Version 5.3 r3.0
Pulse Secure Desktop Client
Version 5.3 r4.1
Pulse Secure Desktop Client
Version 5.3 r4.2
Pulse Secure Desktop Client
Version 5.3 r5.0
Pulse Secure Desktop Client
Version 5.3 r5.2
Pulse Secure Desktop Client
Version 5.3 r6.0
Pulse Secure Desktop Client
Version 5.3 r7.0
Pulse Secure Desktop Client
Version 9.0 r1.0
Pulse Secure Desktop Client
Version 9.0 r2.1
Pulse Secure Desktop Client
Version 9.0 r2
Pulse Secure Desktop Client
Version 9.0 r3.2
Pulse Secure Desktop Client
Version 9.0 r3
Pulse Secure Desktop Client
Version 9.0 r4.0
Pulse Secure Desktop Client
Version 9.0 r4
Pulse Secure Desktop Client
Version 9.0 r5.0
Pulse Secure Desktop Client
Version 9.0 r6.0
Pulse Secure Desktop Client
Version 9.1 r1.0
Pulse Secure Desktop Client
Version 9.1 r2.0
Pulse Secure Desktop Client
Version 9.1 r3.0
Pulse Secure Desktop Client
Version 9.1 r3.1
Pulse Secure Desktop Client
Version 9.1 r4.0
Pulse Secure Desktop Client
Version 9.1 r4.1
Pulse Secure Desktop Client
Version 9.1 r4.2
Pulse Secure Desktop Client
Version 9.1 r5.0
Pulse Secure Desktop Client
Version 9.1 r6.0
Pulse Secure Desktop Client
Version 9.1 r7.0
Pulsesecure
Pulse Secure Installer Service
Version 8.3
Pulse Secure Installer Service
Version 9.1
Pulse Secure Installer Service
Version 9.1 r5.0

Related CWEs

CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

References (20)

Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.