First published: Tue Jun 16 2020
A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Pulsesecure Pulse Secure Desktop Client | =5.3-r1.0 | |
Pulsesecure Pulse Secure Desktop Client | =5.3-r1.1 | |
Pulsesecure Pulse Secure Desktop Client | =5.3-r2.0 | |
Pulsesecure Pulse Secure Desktop Client | =5.3-r3.0 | |
Pulsesecure Pulse Secure Desktop Client | =5.3-r4.1 | |
Pulsesecure Pulse Secure Desktop Client | =5.3-r4.2 | |
Pulsesecure Pulse Secure Desktop Client | =5.3-r5.0 | |
Pulsesecure Pulse Secure Desktop Client | =5.3-r5.2 | |
Pulsesecure Pulse Secure Desktop Client | =5.3-r6.0 | |
Pulsesecure Pulse Secure Desktop Client | =5.3-r7.0 | |
Pulsesecure Pulse Secure Desktop Client | =9.0-r1.0 | |
Pulsesecure Pulse Secure Desktop Client | =9.0-r2 | |
Pulsesecure Pulse Secure Desktop Client | =9.0-r2.1 | |
Pulsesecure Pulse Secure Desktop Client | =9.0-r3 | |
Pulsesecure Pulse Secure Desktop Client | =9.0-r3.2 | |
Pulsesecure Pulse Secure Desktop Client | =9.0-r4 | |
Pulsesecure Pulse Secure Desktop Client | =9.0-r4.0 | |
Pulsesecure Pulse Secure Desktop Client | =9.0-r5.0 | |
Pulsesecure Pulse Secure Desktop Client | =9.0-r6.0 | |
Pulsesecure Pulse Secure Desktop Client | =9.1-r1.0 | |
Pulsesecure Pulse Secure Desktop Client | =9.1-r2.0 | |
Pulsesecure Pulse Secure Desktop Client | =9.1-r3.0 | |
Pulsesecure Pulse Secure Desktop Client | =9.1-r3.1 | |
Pulsesecure Pulse Secure Desktop Client | =9.1-r4.0 | |
Pulsesecure Pulse Secure Desktop Client | =9.1-r4.1 | |
Pulsesecure Pulse Secure Desktop Client | =9.1-r4.2 | |
Pulsesecure Pulse Secure Desktop Client | =9.1-r5.0 | |
Pulsesecure Pulse Secure Desktop Client | =9.1-r6.0 | |
Pulsesecure Pulse Secure Desktop Client | =9.1-r7.0 | |
Pulsesecure Pulse Secure Installer Service | =8.3 | |
Pulsesecure Pulse Secure Installer Service | =9.1 | |
Pulsesecure Pulse Secure Installer Service | =9.1-r5.0 | |
CVE-2020-13162 is a time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows.
The severity of CVE-2020-13162 is high, with a severity value of 7.
CVE-2020-13162 affects Pulse Secure Desktop Client versions 5.3 R1.0 to 5.3 R70 for Windows.
CVE-2020-13162 allows unprivileged users to run a Microsoft Installer executable with elevated privileges.
The fix for CVE-2020-13162 is to upgrade to Pulse Secure Client version 9.1.6 or later.