CVE-2020-13162

High

A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for…

mitre·CWE-367·Published 2020-06-16

CVSS

7.0

EPSS

0.01

KEV

Exploits

cve.orgen

270 chars

A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges.

NVDen

270 chars

NVDes

319 chars

Una vulnerabilidad de tipo time-of-check time-of-use en el archivo PulseSecureService.exe en Pulse Secure Client versiones anteriores a 9.1.6 hasta 5.3 R70 para Windows (que se ejecuta como NT AUTHORITY/SYSTEM), permite a los usuarios sin privilegios correr un ejecutable de Microsoft Installer con privilegios elevados

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.9	3.4	10.0	AV:L/AC:M/Au:N/C:C/I:C/A:C
3.1	Primary	cve.org	7.0	—	—	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H