CVE-2020-13162

🗓️ 16 Jun 2020 19:41:18Reported by mitreType

A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows allows unprivileged users to run a Microsoft Installer executable with elevated privileges

Reporter	Title	Published	Views	Family All 15
0day.today	Pulse Secure Client For Windows Local Privilege Escalation Vulnerability	16 Jun 202000:00	–	zdt
GithubExploit	Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Pulsesecure Pulse_Secure_Desktop_Client	2 Sep 202017:58	–	githubexploit
ATTACKERKB	CVE-2020-13162	16 Jun 202000:00	–	attackerkb
Circl	CVE-2020-13162	2 Sep 202020:27	–	circl
Cvelist	CVE-2020-13162	16 Jun 202019:41	–	cvelist
EUVD	EUVD-2020-5435	7 Oct 202500:30	–	euvd
Ivanti	2020-06: Out-of-Cycle Advisory: Pulse Secure Client TOCTOU Privilege Escalation Vulnerability (CVE-2020-13162)	14 Feb 202307:22	–	ivanti
NCSC	Vulnerability fixed in Pulse Secure Client for Windows	18 Jun 202000:00	–	ncsc
NVD	CVE-2020-13162	16 Jun 202020:15	–	nvd
OSV	CVE-2020-13162	16 Jun 202020:15	–	osv

NVD

Node

pulsesecure pulse_secure_desktop_clientMatch5.3r1.0windows

pulsesecure pulse_secure_desktop_clientMatch5.3r1.1windows

pulsesecure pulse_secure_desktop_clientMatch5.3r2.0windows

pulsesecure pulse_secure_desktop_clientMatch5.3r3.0windows

pulsesecure pulse_secure_desktop_clientMatch5.3r4.1windows

pulsesecure pulse_secure_desktop_clientMatch5.3r4.2windows

pulsesecure pulse_secure_desktop_clientMatch5.3r5.0windows

pulsesecure pulse_secure_desktop_clientMatch5.3r5.2windows

pulsesecure pulse_secure_desktop_clientMatch5.3r6.0windows

pulsesecure pulse_secure_desktop_clientMatch5.3r7.0windows

pulsesecure pulse_secure_desktop_clientMatch9.0r1.0windows

pulsesecure pulse_secure_desktop_clientMatch9.0r2windows

pulsesecure pulse_secure_desktop_clientMatch9.0r2.1windows

pulsesecure pulse_secure_desktop_clientMatch9.0r3windows

pulsesecure pulse_secure_desktop_clientMatch9.0r3.2windows

pulsesecure pulse_secure_desktop_clientMatch9.0r4windows

pulsesecure pulse_secure_desktop_clientMatch9.0r4.0windows

pulsesecure pulse_secure_desktop_clientMatch9.0r5.0windows

pulsesecure pulse_secure_desktop_clientMatch9.0r6.0windows

pulsesecure pulse_secure_desktop_clientMatch9.1r1.0windows

pulsesecure pulse_secure_desktop_clientMatch9.1r2.0windows

pulsesecure pulse_secure_desktop_clientMatch9.1r3.0windows

pulsesecure pulse_secure_desktop_clientMatch9.1r3.1windows

pulsesecure pulse_secure_desktop_clientMatch9.1r4.0windows

pulsesecure pulse_secure_desktop_clientMatch9.1r4.1windows

pulsesecure pulse_secure_desktop_clientMatch9.1r4.2windows

pulsesecure pulse_secure_desktop_clientMatch9.1r5.0windows

pulsesecure pulse_secure_desktop_clientMatch9.1r6.0windows

pulsesecure pulse_secure_desktop_clientMatch9.1r7.0windows

pulsesecure pulse_secure_installer_serviceMatch8.3windows

pulsesecure pulse_secure_installer_serviceMatch9.1windows

pulsesecure pulse_secure_installer_serviceMatch9.1r5.0windows

Source	Link
twitter	www.twitter.com/gsepcali/status/1262551597990711296
twitter	www.twitter.com/sepcali/status/1262551597990711296
kb	www.kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503
twitter	www.twitter.com/gsepcali/status/1272927080909623297
packetstormsecurity	www.packetstormsecurity.com/files/159065/Pulse-Secure-Windows-Client-Privilege-Escalation.html
packetstormsecurity	www.packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html
redtimmy	www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/
seclists	www.seclists.org/fulldisclosure/2020/Jun/25
seclists	www.seclists.org/fulldisclosure/2020/Sep/15
kb	www.kb.pulsesecure.net/

05 May 2025 17:15Current

6.6Medium risk

Vulners AI Score6.6

CVSS 26.9

CVSS 3.17

EPSS0.00347

SSVC

CWE-367