2020-06-16 22:15:00 2020-06-23 18:08:00

A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges.

Vector

LOCAL

Complexity

MEDIUM

Authentication

NONE

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE
Pulsesecure Pulse secure desktop client 5.3 R1.1 * * (not an official CPE) Pulsesecure Pulse secure desktop client 5.3 R1.0 * * (not an official CPE) Pulsesecure Pulse secure installer service 9.1 R5.0 * * (not an official CPE) Pulsesecure Pulse secure installer service 9.1 * * * (not an official CPE) Pulsesecure Pulse secure installer service 8.3 * * * (not an official CPE) Pulsesecure Pulse secure desktop client 9.1 R7.0 * * (not an official CPE) Pulsesecure Pulse secure desktop client 9.1 R6.0 * * (not an official CPE) Pulsesecure Pulse secure desktop client 9.1 R5.0 * * (not an official CPE) Pulsesecure Pulse secure desktop client 9.1 R4.2 * * (not an official CPE) Pulsesecure Pulse secure desktop client 9.1 R4.1 * * (not an official CPE) Pulsesecure Pulse secure desktop client 9.1 R4.0 * * (not an official CPE) Pulsesecure Pulse secure desktop client 9.1 R3.1 * * (not an official CPE) Pulsesecure Pulse secure desktop client 9.1 R3.0 * * (not an official CPE) Pulsesecure Pulse secure desktop client 9.1 R2.0 * * (not an official CPE) Pulsesecure Pulse secure desktop client 9.1 R1.0 * * (not an official CPE) Pulsesecure Pulse secure desktop client 9.0 R6.0 * * (not an official CPE) Pulsesecure Pulse secure desktop client 9.0 R5.0 * * (not an official CPE) Pulsesecure Pulse secure desktop client 9.0 R4.0 * * (not an official CPE) Pulsesecure Pulse secure desktop client 9.0 R4 * * (not an official CPE) Pulsesecure Pulse secure desktop client 9.0 R3.2 * * (not an official CPE) Pulsesecure Pulse secure desktop client 9.0 R3 * * (not an official CPE) Pulsesecure Pulse secure desktop client 9.0 R2.1 * * (not an official CPE) Pulsesecure Pulse secure desktop client 9.0 R2 * * (not an official CPE) Pulsesecure Pulse secure desktop client 9.0 R1.0 * * (not an official CPE) Pulsesecure Pulse secure desktop client 5.3 R7.0 * * (not an official CPE) Pulsesecure Pulse secure desktop client 5.3 R6.0 * * (not an official CPE) Pulsesecure Pulse secure desktop client 5.3 R5.2 * * (not an official CPE) Pulsesecure Pulse secure desktop client 5.3 R5.0 * * (not an official CPE) Pulsesecure Pulse secure desktop client 5.3 R4.2 * * (not an official CPE) Pulsesecure Pulse secure desktop client 5.3 R4.1 * * (not an official CPE) Pulsesecure Pulse secure desktop client 5.3 R3.0 * * (not an official CPE) Pulsesecure Pulse secure desktop client 5.3 R2.0 * * (not an official CPE)