Skip to main content

CVE-2020-13162: n/a in n/a

High
VulnerabilityCVE-2020-13162cvecve-2020-13162
Published: Tue Jun 16 2020 (06/16/2020, 19:41:18 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges.

AI-Powered Analysis

AILast updated: 07/03/2025, 09:56:00 UTC

Technical Analysis

CVE-2020-13162 is a high-severity time-of-check to time-of-use (TOCTOU) vulnerability affecting the Pulse Secure Client software on Windows platforms, specifically versions prior to 9.1.6 down to 5.3 R70. The vulnerable component is PulseSecureService.exe, which runs with NT AUTHORITY/SYSTEM privileges, the highest level of privilege on Windows systems. The flaw allows an unprivileged user to execute a Microsoft Installer (MSI) executable with elevated privileges by exploiting a race condition between the time a security check is performed and the time the resource is used. This TOCTOU vulnerability (classified under CWE-367) enables privilege escalation from a low-privileged user context to SYSTEM-level execution, potentially allowing an attacker to install malicious software, modify system configurations, or gain persistent control over the affected system. The vulnerability does not require user interaction but does require local access (AV:L), and the attack complexity is high (AC:H), meaning exploitation requires specific conditions or timing. The CVSS v3.1 base score is 7.0, reflecting high impact on confidentiality, integrity, and availability due to the SYSTEM-level privileges that can be obtained. No known exploits in the wild have been reported, and no official patches are linked in the provided data, though vendor updates after version 9.1.6 presumably address this issue.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for enterprises using Pulse Secure VPN clients to provide remote access to corporate networks. Successful exploitation could allow an insider or an attacker with limited local access to escalate privileges and compromise endpoint security, leading to unauthorized access to sensitive data, disruption of services, or lateral movement within the network. Given the widespread use of Pulse Secure VPN solutions in sectors such as finance, healthcare, government, and critical infrastructure across Europe, exploitation could result in data breaches, operational downtime, and regulatory non-compliance under GDPR. The SYSTEM-level access gained could also facilitate deployment of ransomware or other malware, amplifying the threat impact. The lack of known public exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits over time.

Mitigation Recommendations

European organizations should prioritize upgrading Pulse Secure Client installations to version 9.1.6 or later, where this vulnerability is addressed. In the absence of immediate patch availability, organizations should restrict local user access on systems running vulnerable versions, enforce strict endpoint security policies, and monitor for suspicious MSI execution activities. Employ application whitelisting to prevent unauthorized MSI installations and use endpoint detection and response (EDR) tools to detect anomalous privilege escalation attempts. Network segmentation should be enforced to limit the impact of compromised endpoints. Additionally, organizations should conduct regular audits of installed software versions and ensure that VPN clients are updated promptly. User training to recognize potential local attack vectors and enforcing the principle of least privilege for local accounts can further reduce risk.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2020-05-19T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d981dc4522896dcbdb16d

Added to database: 5/21/2025, 9:08:45 AM

Last enriched: 7/3/2025, 9:56:00 AM

Last updated: 8/17/2025, 3:47:44 PM

Views: 14

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats