CVE-2020-13162

HIGH

Pulse Secure Client <9.1.6-5.3 R70 - Privilege Escalation

Title source: llm
STIX 2.1

Description

A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges.

Exploits (1)

nomisec WORKING POC 10 stars
by redtimmy · poc
https://github.com/redtimmy/tu-TOCTOU-kaiu-TOCMEU-CVE-2020-13162-

References (10)

Core 10
Core References
Vendor Advisory x_refsource_misc
https://kb.pulsesecure.net/?atype=sa
Third Party Advisory x_refsource_misc
https://twitter.com/sepcali/status/1262551597990711296
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Jun/25
Third Party Advisory x_refsource_misc
https://twitter.com/gsepcali/status/1262551597990711296
Third Party Advisory x_refsource_misc
https://twitter.com/gsepcali/status/1272927080909623297
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Sep/15

Scores

CVSS v3 7.0
EPSS 0.0035
EPSS Percentile 57.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-367
Status published
Products (5)
pulsesecure/pulse_secure_desktop_client 5.3 r1.0 (10 CPE variants)
pulsesecure/pulse_secure_desktop_client 9.0 r1.0 (9 CPE variants)
pulsesecure/pulse_secure_desktop_client 9.1 r1.0 (10 CPE variants)
pulsesecure/pulse_secure_installer_service 8.3
pulsesecure/pulse_secure_installer_service 9.1 (2 CPE variants)
Published Jun 16, 2020
Tracked Since Feb 18, 2026