Detections
Analytics
Pulse Secure Installer Service TOCTOU Privilege Escalation Vulnerability (SA44503)
high Nessus Plugin ID 144327
Language:
Synopsis
A VPN client installed on the remote windows system is affected by a privilege escalation vulnerability.Description
The Pulse Secure Installer Service installed on the remote Windows system is affected by a TOCTOU (time-of-check to time-of-use) privilege escalation vulnerability.Solution
Upgrade to Pulse Secure Installer Service 9.1R6 or later.See Also
http://www.nessus.org/u?cde3544f
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503
Plugin Details
Severity: High
ID: 144327
File Name: pulse_secure_installer_service_SA44503.nasl
Version: 1.1
Type: local
Agent: windows
Family: Windows
Published: 12/16/2020
Updated: 12/16/2020
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.9
Temporal Score: 5.4
Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2020-13162
CVSS v3
Risk Factor: High
Base Score: 7
Temporal Score: 6.3
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:pulsesecure:pulse_secure_installer_service
Required KB Items: installed_sw/Pulse Secure Installer Service
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/22/2020
Vulnerability Publication Date: 6/16/2020
Reference Information
CVE: CVE-2020-13162
IAVA: 2020-A-0277-S