
CVE-2020-13162

Published: 16/06/2020 Updated: 04/09/2020
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions before 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges.

Mailing Lists

We have registered CVE-2020-13162 for this vulnerability

Disclosure Timeline
-------------------
Vulnerability discovered: April 13th, 2020
Vendor contacted: April 15th, 2020
Vendor's reply: April 17th, 2020
Vendor patch released: May 22nd, 2020
Red Timmy Disclosure: June 16th, 2020
_______________________________________________
Sent through ...

Github Repositories

tu-TOCTOU-kai--TOCMEU-CVE-2020-13162-

A Windows kernel driver to block symbolic link exploits used for privilege escalation.

Symblock

A unique Windows kernel driver to protect your system from privilege escalation due to symbolic link exploits

Usage

Tested on Windows 10 and Windows 7

Compile the driver
Update inf file according to your usage
Install inf file by right click-> install
Load the driver using net start drivername
You can use debugview tool to get the debug message generated T

PoC in GitHub

2020

CVE-2020-0014

It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-1286745