Vulnerability-Lookup

CVE-2020-13162 (GCVE-0-2020-13162)

Vulnerability from cvelistv5 – Published: 2020-06-16 19:41 – Updated: 2025-05-05 17:08

Summary

A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges.

Severity ?

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

mitre

References

URL

Tags

	https://kb.pulsesecure.net/?atype=sa	x_refsource_MISC
	https://twitter.com/sepcali/status/1262551597990711296	x_refsource_MISC
	http://seclists.org/fulldisclosure/2020/Jun/25	mailing-listx_refsource_FULLDISC
	https://www.redtimmy.com/privilege-escalation/pul…	x_refsource_MISC
	http://packetstormsecurity.com/files/158117/Pulse…	x_refsource_MISC
	https://kb.pulsesecure.net/articles/Pulse_Securit…	x_refsource_CONFIRM
	https://twitter.com/gsepcali/status/1262551597990711296	x_refsource_MISC
	https://twitter.com/gsepcali/status/1272927080909623297	x_refsource_MISC
	http://seclists.org/fulldisclosure/2020/Sep/15	mailing-listx_refsource_FULLDISC
	http://packetstormsecurity.com/files/159065/Pulse…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:11:19.431Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/?atype=sa"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://twitter.com/sepcali/status/1262551597990711296"
          },
          {
            "name": "20200616 Pulse Secure Client \u003c 9.1R6 TOCTOU Privilege Escalation (CVE-2020-13162)",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/Jun/25"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://twitter.com/gsepcali/status/1262551597990711296"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://twitter.com/gsepcali/status/1272927080909623297"
          },
          {
            "name": "20200904 Pulse Secure Windows Client \u003c9.1.6 (CVE-2020-13162) - exploit",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/Sep/15"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-Privilege-Escalation.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-13162",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:29:43.978282Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-367",
                "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T17:08:09.077Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-04T21:06:10.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.pulsesecure.net/?atype=sa"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://twitter.com/sepcali/status/1262551597990711296"
        },
        {
          "name": "20200616 Pulse Secure Client \u003c 9.1R6 TOCTOU Privilege Escalation (CVE-2020-13162)",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/Jun/25"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://twitter.com/gsepcali/status/1262551597990711296"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://twitter.com/gsepcali/status/1272927080909623297"
        },
        {
          "name": "20200904 Pulse Secure Windows Client \u003c9.1.6 (CVE-2020-13162) - exploit",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/Sep/15"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-Privilege-Escalation.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-13162",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/?atype=sa",
              "refsource": "MISC",
              "url": "https://kb.pulsesecure.net/?atype=sa"
            },
            {
              "name": "https://twitter.com/sepcali/status/1262551597990711296",
              "refsource": "MISC",
              "url": "https://twitter.com/sepcali/status/1262551597990711296"
            },
            {
              "name": "20200616 Pulse Secure Client \u003c 9.1R6 TOCTOU Privilege Escalation (CVE-2020-13162)",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2020/Jun/25"
            },
            {
              "name": "https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/",
              "refsource": "MISC",
              "url": "https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/"
            },
            {
              "name": "http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html"
            },
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503",
              "refsource": "CONFIRM",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503"
            },
            {
              "name": "https://twitter.com/gsepcali/status/1262551597990711296",
              "refsource": "MISC",
              "url": "https://twitter.com/gsepcali/status/1262551597990711296"
            },
            {
              "name": "https://twitter.com/gsepcali/status/1272927080909623297",
              "refsource": "MISC",
              "url": "https://twitter.com/gsepcali/status/1272927080909623297"
            },
            {
              "name": "20200904 Pulse Secure Windows Client \u003c9.1.6 (CVE-2020-13162) - exploit",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2020/Sep/15"
            },
            {
              "name": "http://packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-Privilege-Escalation.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-Privilege-Escalation.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-13162",
    "datePublished": "2020-06-16T19:41:18.000Z",
    "dateReserved": "2020-05-19T00:00:00.000Z",
    "dateUpdated": "2025-05-05T17:08:09.077Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://kb.pulsesecure.net/?atype=sa\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://twitter.com/sepcali/status/1262551597990711296\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2020/Jun/25\", \"name\": \"20200616 Pulse Secure Client \u003c 9.1R6 TOCTOU Privilege Escalation (CVE-2020-13162)\", \"tags\": [\"mailing-list\", \"x_refsource_FULLDISC\", \"x_transferred\"]}, {\"url\": \"https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://twitter.com/gsepcali/status/1262551597990711296\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://twitter.com/gsepcali/status/1272927080909623297\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2020/Sep/15\", \"name\": \"20200904 Pulse Secure Windows Client \u003c9.1.6 (CVE-2020-13162) - exploit\", \"tags\": [\"mailing-list\", \"x_refsource_FULLDISC\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-Privilege-Escalation.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T12:11:19.431Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-13162\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-23T13:29:43.978282Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-367\", \"description\": \"CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-05T13:25:26.201Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://kb.pulsesecure.net/?atype=sa\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://twitter.com/sepcali/status/1262551597990711296\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2020/Jun/25\", \"name\": \"20200616 Pulse Secure Client \u003c 9.1R6 TOCTOU Privilege Escalation (CVE-2020-13162)\", \"tags\": [\"mailing-list\", \"x_refsource_FULLDISC\"]}, {\"url\": \"https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://twitter.com/gsepcali/status/1262551597990711296\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://twitter.com/gsepcali/status/1272927080909623297\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2020/Sep/15\", \"name\": \"20200904 Pulse Secure Windows Client \u003c9.1.6 (CVE-2020-13162) - exploit\", \"tags\": [\"mailing-list\", \"x_refsource_FULLDISC\"]}, {\"url\": \"http://packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-Privilege-Escalation.html\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2020-09-04T21:06:10.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://kb.pulsesecure.net/?atype=sa\", \"name\": \"https://kb.pulsesecure.net/?atype=sa\", \"refsource\": \"MISC\"}, {\"url\": \"https://twitter.com/sepcali/status/1262551597990711296\", \"name\": \"https://twitter.com/sepcali/status/1262551597990711296\", \"refsource\": \"MISC\"}, {\"url\": \"http://seclists.org/fulldisclosure/2020/Jun/25\", \"name\": \"20200616 Pulse Secure Client \u003c 9.1R6 TOCTOU Privilege Escalation (CVE-2020-13162)\", \"refsource\": \"FULLDISC\"}, {\"url\": \"https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/\", \"name\": \"https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/\", \"refsource\": \"MISC\"}, {\"url\": \"http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html\", \"name\": \"http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503\", \"name\": \"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://twitter.com/gsepcali/status/1262551597990711296\", \"name\": \"https://twitter.com/gsepcali/status/1262551597990711296\", \"refsource\": \"MISC\"}, {\"url\": \"https://twitter.com/gsepcali/status/1272927080909623297\", \"name\": \"https://twitter.com/gsepcali/status/1272927080909623297\", \"refsource\": \"MISC\"}, {\"url\": \"http://seclists.org/fulldisclosure/2020/Sep/15\", \"name\": \"20200904 Pulse Secure Windows Client \u003c9.1.6 (CVE-2020-13162) - exploit\", \"refsource\": \"FULLDISC\"}, {\"url\": \"http://packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-Privilege-Escalation.html\", \"name\": \"http://packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-Privilege-Escalation.html\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-13162\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-13162\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-05T17:08:09.077Z\", \"dateReserved\": \"2020-05-19T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2020-06-16T19:41:18.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-JC87-47XG-WMHR

Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2025-05-05 18:30

Details

Severity ?

7.0 (High)


                  
                    CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-13162"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-367"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-16T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges.",
  "id": "GHSA-jc87-47xg-wmhr",
  "modified": "2025-05-05T18:30:44Z",
  "published": "2022-05-24T17:20:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13162"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sepcali"
    },
    {
      "type": "WEB",
      "url": "https://kb.pulsesecure.net/?atype=sa"
    },
    {
      "type": "WEB",
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503"
    },
    {
      "type": "WEB",
      "url": "https://twitter.com/gsepcali/status/1262551597990711296"
    },
    {
      "type": "WEB",
      "url": "https://twitter.com/gsepcali/status/1272927080909623297"
    },
    {
      "type": "WEB",
      "url": "https://twitter.com/sepcali"
    },
    {
      "type": "WEB",
      "url": "https://twitter.com/sepcali/status/1262551277940211712"
    },
    {
      "type": "WEB",
      "url": "https://twitter.com/sepcali/status/1262551336152948738"
    },
    {
      "type": "WEB",
      "url": "https://twitter.com/sepcali/status/1262551597990711296"
    },
    {
      "type": "WEB",
      "url": "https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-Privilege-Escalation.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2020/Jun/25"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2020/Sep/15"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2020-13162

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-13162

Aliases

CVE-2020-13162

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-13162",
    "description": "A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges.",
    "id": "GSD-2020-13162",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2020-13162"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-13162"
      ],
      "details": "A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges.",
      "id": "GSD-2020-13162",
      "modified": "2023-12-13T01:21:46.903530Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-13162",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://kb.pulsesecure.net/?atype=sa",
            "refsource": "MISC",
            "url": "https://kb.pulsesecure.net/?atype=sa"
          },
          {
            "name": "https://twitter.com/sepcali/status/1262551597990711296",
            "refsource": "MISC",
            "url": "https://twitter.com/sepcali/status/1262551597990711296"
          },
          {
            "name": "20200616 Pulse Secure Client \u003c 9.1R6 TOCTOU Privilege Escalation (CVE-2020-13162)",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2020/Jun/25"
          },
          {
            "name": "https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/",
            "refsource": "MISC",
            "url": "https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/"
          },
          {
            "name": "http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html"
          },
          {
            "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503",
            "refsource": "CONFIRM",
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503"
          },
          {
            "name": "https://twitter.com/gsepcali/status/1262551597990711296",
            "refsource": "MISC",
            "url": "https://twitter.com/gsepcali/status/1262551597990711296"
          },
          {
            "name": "https://twitter.com/gsepcali/status/1272927080909623297",
            "refsource": "MISC",
            "url": "https://twitter.com/gsepcali/status/1272927080909623297"
          },
          {
            "name": "20200904 Pulse Secure Windows Client \u003c9.1.6 (CVE-2020-13162) - exploit",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2020/Sep/15"
          },
          {
            "name": "http://packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-Privilege-Escalation.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-Privilege-Escalation.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7.0:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r6.0:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r5.0:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.2:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.1:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.0:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3.1:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3.0:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r2.0:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r1.0:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r4:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r3:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r2.1:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r2:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r6.0:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r5.0:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r4.0:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r3.2:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r1.0:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r7.0:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r6.0:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r5.2:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r5.0:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r4.2:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r4.1:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r3.0:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r2.0:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r1.1:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r1.0:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_installer_service:8.3:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_installer_service:9.1:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_secure_installer_service:9.1:r5.0:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-13162"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-367"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/"
            },
            {
              "name": "https://kb.pulsesecure.net/?atype=sa",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://kb.pulsesecure.net/?atype=sa"
            },
            {
              "name": "https://twitter.com/sepcali/status/1262551597990711296",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://twitter.com/sepcali/status/1262551597990711296"
            },
            {
              "name": "http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html"
            },
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503"
            },
            {
              "name": "https://twitter.com/gsepcali/status/1272927080909623297",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://twitter.com/gsepcali/status/1272927080909623297"
            },
            {
              "name": "20200616 Pulse Secure Client \u003c 9.1R6 TOCTOU Privilege Escalation (CVE-2020-13162)",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2020/Jun/25"
            },
            {
              "name": "https://twitter.com/gsepcali/status/1262551597990711296",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://twitter.com/gsepcali/status/1262551597990711296"
            },
            {
              "name": "20200904 Pulse Secure Windows Client \u003c9.1.6 (CVE-2020-13162) - exploit",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2020/Sep/15"
            },
            {
              "name": "http://packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-Privilege-Escalation.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-Privilege-Escalation.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.0,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-03-01T16:02Z",
      "publishedDate": "2020-06-16T20:15Z"
    }
  }
}

CERTFR-2020-AVI-681

Vulnerability from certfr_avis - Published: 2020-10-27 - Updated: 2020-10-27

De multiples vulnérabilités ont été découvertes dans les produits Pulse Secure. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Pulse Secure	N/A	Pulse Secure Desktop Client (PDC) versions antérieures à 9.1R9
Pulse Secure	N/A	Pulse Policy Secure (PPS) versions antérieures à 9.1R9
Pulse Secure	N/A	Pulse Connect Secure (PCS) versions antérieures à 9.1R9

References

Title

Publication Time

FKIE_CVE-2020-13162

Vulnerability from fkie_nvd - Published: 2020-06-16 20:15 - Updated: 2025-05-05 17:15

Severity ?

7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html	Third Party Advisory, VDB Entry
cve@mitre.org	http://packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-Privilege-Escalation.html	Third Party Advisory, VDB Entry
cve@mitre.org	http://seclists.org/fulldisclosure/2020/Jun/25	Mailing List, Third Party Advisory
cve@mitre.org	http://seclists.org/fulldisclosure/2020/Sep/15	Mailing List, Third Party Advisory
cve@mitre.org	https://kb.pulsesecure.net/?atype=sa	Vendor Advisory
cve@mitre.org	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503	Vendor Advisory
cve@mitre.org	https://twitter.com/gsepcali/status/1262551597990711296	Third Party Advisory
cve@mitre.org	https://twitter.com/gsepcali/status/1272927080909623297	Third Party Advisory
cve@mitre.org	https://twitter.com/sepcali/status/1262551597990711296	Third Party Advisory
cve@mitre.org	https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-Privilege-Escalation.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2020/Jun/25	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2020/Sep/15	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kb.pulsesecure.net/?atype=sa	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://twitter.com/gsepcali/status/1262551597990711296	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://twitter.com/gsepcali/status/1272927080909623297	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://twitter.com/sepcali/status/1262551597990711296	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/	Exploit, Third Party Advisory

Impacted products

Vendor	Product	Version
pulsesecure	pulse_secure_desktop_client	5.3
pulsesecure	pulse_secure_desktop_client	5.3
pulsesecure	pulse_secure_desktop_client	5.3
pulsesecure	pulse_secure_desktop_client	5.3
pulsesecure	pulse_secure_desktop_client	5.3
pulsesecure	pulse_secure_desktop_client	5.3
pulsesecure	pulse_secure_desktop_client	5.3
pulsesecure	pulse_secure_desktop_client	5.3
pulsesecure	pulse_secure_desktop_client	5.3
pulsesecure	pulse_secure_desktop_client	5.3
pulsesecure	pulse_secure_desktop_client	9.0
pulsesecure	pulse_secure_desktop_client	9.0
pulsesecure	pulse_secure_desktop_client	9.0
pulsesecure	pulse_secure_desktop_client	9.0
pulsesecure	pulse_secure_desktop_client	9.0
pulsesecure	pulse_secure_desktop_client	9.0
pulsesecure	pulse_secure_desktop_client	9.0
pulsesecure	pulse_secure_desktop_client	9.0
pulsesecure	pulse_secure_desktop_client	9.0
pulsesecure	pulse_secure_desktop_client	9.1
pulsesecure	pulse_secure_desktop_client	9.1
pulsesecure	pulse_secure_desktop_client	9.1
pulsesecure	pulse_secure_desktop_client	9.1
pulsesecure	pulse_secure_desktop_client	9.1
pulsesecure	pulse_secure_desktop_client	9.1
pulsesecure	pulse_secure_desktop_client	9.1
pulsesecure	pulse_secure_desktop_client	9.1
pulsesecure	pulse_secure_desktop_client	9.1
pulsesecure	pulse_secure_desktop_client	9.1
pulsesecure	pulse_secure_installer_service	8.3
pulsesecure	pulse_secure_installer_service	9.1
pulsesecure	pulse_secure_installer_service	9.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r1.0:*:*:*:windows:*:*",
              "matchCriteriaId": "FC05FD06-81E7-48E2-887B-A71EEB68B96C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r1.1:*:*:*:windows:*:*",
              "matchCriteriaId": "B7395FE6-4254-4271-986D-14DA838175AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r2.0:*:*:*:windows:*:*",
              "matchCriteriaId": "F43B3D72-D466-42EE-A44F-2C0E618046A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r3.0:*:*:*:windows:*:*",
              "matchCriteriaId": "819CD1D2-4246-4B5E-BB02-ADDC3E59DA83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r4.1:*:*:*:windows:*:*",
              "matchCriteriaId": "C71804A0-0D29-4C7A-A3CD-0A85671F2569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r4.2:*:*:*:windows:*:*",
              "matchCriteriaId": "71F569FA-A6B0-4F7F-BB30-1D18435D2139",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r5.0:*:*:*:windows:*:*",
              "matchCriteriaId": "84456124-EE16-415F-B857-A6A6865DDD14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r5.2:*:*:*:windows:*:*",
              "matchCriteriaId": "07D603F2-B987-4539-B62B-E503F4A37D0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r6.0:*:*:*:windows:*:*",
              "matchCriteriaId": "4E1987FB-BC32-4E6E-8F58-BACEE03A182E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3:r7.0:*:*:*:windows:*:*",
              "matchCriteriaId": "4755D673-A0F2-407E-BC4B-DD9D653DE008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r1.0:*:*:*:windows:*:*",
              "matchCriteriaId": "5D453E55-2173-486D-9872-3586B72DD707",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r2:*:*:*:windows:*:*",
              "matchCriteriaId": "D5E28726-946B-4AD5-A94C-674B2EE7C87F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r2.1:*:*:*:windows:*:*",
              "matchCriteriaId": "42C0631C-3BCD-428A-B54F-BA1848E1FAF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r3:*:*:*:windows:*:*",
              "matchCriteriaId": "18F0D950-61A9-48C7-8B13-66F8BCD807FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r3.2:*:*:*:windows:*:*",
              "matchCriteriaId": "C434F090-CC8F-4AE2-B78A-3B9AE8E5FABE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r4:*:*:*:windows:*:*",
              "matchCriteriaId": "5589243F-28FA-463E-A4EE-796E341A9C5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r4.0:*:*:*:windows:*:*",
              "matchCriteriaId": "A82F965F-E64E-4FA7-93E2-9539F0305CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r5.0:*:*:*:windows:*:*",
              "matchCriteriaId": "18FA2EB1-C30E-4C21-ACAB-57790B229532",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0:r6.0:*:*:*:windows:*:*",
              "matchCriteriaId": "26B93148-966F-4CAE-9866-A56F76ACB2D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r1.0:*:*:*:windows:*:*",
              "matchCriteriaId": "F20F27F1-A7D1-43E1-87E1-DB14225B6AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r2.0:*:*:*:windows:*:*",
              "matchCriteriaId": "754FA0D5-7EB7-40EE-8B01-4F199C1C2F8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3.0:*:*:*:windows:*:*",
              "matchCriteriaId": "BE5AB91A-ECB4-4325-ACB1-E0EE2DD58E1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3.1:*:*:*:windows:*:*",
              "matchCriteriaId": "75017203-FA52-4C5D-9B9C-E38F26852BB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.0:*:*:*:windows:*:*",
              "matchCriteriaId": "88BD9C9A-AFD3-40D5-B01D-C45EA5FFC3AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.1:*:*:*:windows:*:*",
              "matchCriteriaId": "D16AD2E8-9C7D-4EA2-8AF1-881546E97D75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.2:*:*:*:windows:*:*",
              "matchCriteriaId": "FFB49374-0F24-41BA-BC44-51DC22D27B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r5.0:*:*:*:windows:*:*",
              "matchCriteriaId": "495D15BC-1721-47FF-AE65-C738989AE8E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r6.0:*:*:*:windows:*:*",
              "matchCriteriaId": "95FBACD3-EE26-406D-8D93-BF002DB08F16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7.0:*:*:*:windows:*:*",
              "matchCriteriaId": "AAA0F785-EF43-4E4A-BC29-6D98AA70EF8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_installer_service:8.3:*:*:*:*:windows:*:*",
              "matchCriteriaId": "28CA5CFF-88C2-4FB8-8803-428E2CD7E30F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_installer_service:9.1:*:*:*:*:windows:*:*",
              "matchCriteriaId": "F54BB7FC-5904-4A0E-A997-F93FF647882B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_installer_service:9.1:r5.0:*:*:*:windows:*:*",
              "matchCriteriaId": "A39B2448-57FB-4407-AE46-F50CEB4F8709",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo time-of-check time-of-use en el archivo PulseSecureService.exe en Pulse Secure Client versiones anteriores a 9.1.6 hasta 5.3 R70 para Windows (que se ejecuta como NT AUTHORITY/SYSTEM), permite a los usuarios sin privilegios correr un ejecutable de Microsoft Installer con privilegios elevados"
    }
  ],
  "id": "CVE-2020-13162",
  "lastModified": "2025-05-05T17:15:58.690",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-06-16T20:15:13.380",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-Privilege-Escalation.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Jun/25"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Sep/15"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/?atype=sa"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://twitter.com/gsepcali/status/1262551597990711296"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://twitter.com/gsepcali/status/1272927080909623297"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://twitter.com/sepcali/status/1262551597990711296"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-Privilege-Escalation.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Jun/25"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Sep/15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/?atype=sa"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://twitter.com/gsepcali/status/1262551597990711296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://twitter.com/gsepcali/status/1272927080909623297"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://twitter.com/sepcali/status/1262551597990711296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-367"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-367"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CVE-2020-13162

Vulnerability from fstec - Published: 16.06.2020

Title

Уязвимость исполняемого файла PulseSecureService.exe корпоративного SSL на основе VPN Pulse Secure Desktop Client, позволяющая нарушителю повысить свои привилегии

Description

Уязвимость исполняемого файла PulseSecureService.exe корпоративного SSL на основе VPN Pulse Secure Desktop Client вызвана «ситуацией гонки». Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии

Severity ?


                    
                      AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor

Pulsesecure

Software Name

Pulse Secure Desktop Client

Software Version

до 9.1R6 (Pulse Secure Desktop Client)

Possible Mitigations

Использование рекомендаций: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-13162 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503 https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/

CWE

CWE-367

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Pulsesecure",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 9.1R6 (Pulse Secure Desktop Client)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "16.06.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "13.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "16.04.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-02075",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-13162",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Pulse Secure Desktop Client",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 PulseSecureService.exe \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e SSL \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 VPN Pulse Secure Desktop Client, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0421\u0438\u0442\u0443\u0430\u0446\u0438\u044f \u0433\u043e\u043d\u043a\u0438 Time-of-check Time-of-use (TOCTOU) (CWE-367)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 PulseSecureService.exe \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e SSL \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 VPN Pulse Secure Desktop Client \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u00ab\u0441\u0438\u0442\u0443\u0430\u0446\u0438\u0435\u0439 \u0433\u043e\u043d\u043a\u0438\u00bb. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u043e\u043a\u0430\u043c\u0438 \u0438 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\u043c",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2020-13162\nhttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503\nhttps://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-367",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7)"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-13162 (GCVE-0-2020-13162)

GHSA-JC87-47XG-WMHR

GSD-2020-13162

CERTFR-2020-AVI-681

Solution

FKIE_CVE-2020-13162

CVE-2020-13162

Tags

Sightings

Nomenclature