Detections
Analytics

Pulse Secure Desktop Client TOCTOU Privilege Escalation Vulnerability (SA44503)

high Nessus Plugin ID 137857

Language:

Synopsis

A VPN client installed on the remote windows system is affected by a privilege escalation vulnerability.

Description

The Pulse Secure Desktop Client installed on the remote Windows system is affected by a TOCTOU (time-of-check to time-of-use) privilege escalation vulnerability.

Solution

Upgrade to Pulse Secure Desktop Client 9.1R6 or later.

See Also

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44503

http://www.nessus.org/u?cde3544f

Plugin Details

Severity: High

ID: 137857

File Name: pulse_secure_desktop_client_SA44503.nasl

Version: 1.4

Type: local

Agent: windows

Family: Windows

Published: 6/26/2020

Updated: 10/30/2020

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2020-13162

CVSS v3

Risk Factor: High

Base Score: 7

Temporal Score: 6.3

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:pulsesecure:pulse_secure_desktop_client

Required KB Items: installed_sw/Pulse Secure Desktop Client

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/22/2020

Vulnerability Publication Date: 6/16/2020

Reference Information

CVE: CVE-2020-13162

IAVA: 2020-A-0277-S