CVE-2020-13162 — HIGH (7.0)

Vulnerability Description

A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges.

CVSS Score

7.0

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Pulsesecure	Pulse Secure Desktop Client	5.3
Pulsesecure	Pulse Secure Installer Service	8.3

Related Weaknesses (CWE)

CWE-367

References

http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-LocaThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-PrivilegThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2020/Jun/25Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2020/Sep/15Mailing ListThird Party Advisory
https://kb.pulsesecure.net/?atype=saVendor Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503Vendor Advisory
https://twitter.com/gsepcali/status/1262551597990711296Third Party Advisory
https://twitter.com/gsepcali/status/1272927080909623297Third Party Advisory
https://twitter.com/sepcali/status/1262551597990711296Third Party Advisory
https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-ExploitThird Party Advisory
http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-LocaThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-PrivilegThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2020/Jun/25Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2020/Sep/15Mailing ListThird Party Advisory
https://kb.pulsesecure.net/?atype=saVendor Advisory

FAQ

What is CVE-2020-13162?

CVE-2020-13162 is a vulnerability with a CVSS score of 7.0 (HIGH). A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged u...

How severe is CVE-2020-13162?

CVE-2020-13162 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-13162?

Check the references section above for vendor advisories and patch information. Affected products include: Pulsesecure Pulse Secure Desktop Client, Pulsesecure Pulse Secure Installer Service.