A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions before 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pulsesecure pulse secure desktop client 9.1 |
||
pulsesecure pulse secure desktop client 9.0 |
||
pulsesecure pulse secure desktop client 5.3 |
||
pulsesecure pulse secure installer service 8.3 |
||
pulsesecure pulse secure installer service 9.1 |