Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.PULSE_SECURE_DESKTOP_CLIENT_SA44503.NASL
HistoryJun 26, 2020 - 12:00 a.m.

Pulse Secure Desktop Client TOCTOU Privilege Escalation Vulnerability (SA44503)

2020-06-2600:00:00
This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
29

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

44.3%

JSON

The Pulse Secure Desktop Client installed on the remote Windows system is affected by a TOCTOU (time-of-check to time-of-use) privilege escalation vulnerability.

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(137857);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/10/30");

  script_cve_id("CVE-2020-13162");
  script_xref(name:"IAVA", value:"2020-A-0277-S");

  script_name(english:"Pulse Secure Desktop Client TOCTOU Privilege Escalation Vulnerability (SA44503)");

  script_set_attribute(attribute:"synopsis", value:
"A VPN client installed on the remote windows system is affected by a privilege escalation vulnerability.");
  script_set_attribute(attribute:"description", value:
"The Pulse Secure Desktop Client installed on the remote Windows system is affected by a TOCTOU (time-of-check to
time-of-use) privilege escalation vulnerability.");
  # https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cde3544f");
  script_set_attribute(attribute:"see_also", value:"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Pulse Secure Desktop Client 9.1R6 or later.");
  script_set_attribute(attribute:"agent", value:"windows");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-13162");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/05/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/26");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:pulsesecure:pulse_secure_desktop_client");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("juniper_pulse_client_installed.nbin");
  script_require_keys("installed_sw/Pulse Secure Desktop Client");

  exit(0);
}

include('vcf.inc');

app_info = vcf::get_app_info(app:'Pulse Secure Desktop Client', win_local:TRUE);

constraints = [
  # 9.1R5 or below
  # 9.0RX
  {'min_version':'9.0.0', 'fixed_version':'9.1.6', 'fixed_display':'9.1R6'},
  # 5.3RX
  {'min_version':'5.3.0', 'max_version':'5.3.99', 'fixed_version':'9.1.6', 'fixed_display':'9.1R6'}
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

Related

nessus 1
attackerkb 1
cvelist 1
cve 1
prion 1
nvd 1
zdt 1
githubexploit 1
nessus
nessus
Pulse Secure Installer Service TOCTOU Privilege Escalation Vulnerability (SA44503)
2020-12-16 00:00:00
attackerkb
attackerkb
CVE-2020-13162
2020-06-16 00:00:00
cvelist
cvelist
CVE-2020-13162
2020-06-16 19:41:18
cve
cve
CVE-2020-13162
2020-06-16 20:15:13
prion
prion
Design/Logic Flaw
2020-06-16 20:15:00
nvd
nvd
CVE-2020-13162
2020-06-16 20:15:13
zdt
zdt
Pulse Secure Client For Windows Local Privilege Escalation Vulnerability
2020-06-16 00:00:00
githubexploit
githubexploit
Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Pulsesecure Pulse Secure Desktop Client
2020-09-02 17:58:32

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

44.3%

JSON
Related for PULSE_SECURE_DESKTOP_CLIENT_SA44503.NASL
nessus1attackerkb1cvelist1cve1prion1nvd1zdt1githubexploit1