A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges.
The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Pulse_secure_desktop_client | Pulsesecure | 5.3-r1.0 (including) | 5.3-r1.0 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 5.3-r1.1 (including) | 5.3-r1.1 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 5.3-r2.0 (including) | 5.3-r2.0 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 5.3-r3.0 (including) | 5.3-r3.0 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 5.3-r4.1 (including) | 5.3-r4.1 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 5.3-r4.2 (including) | 5.3-r4.2 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 5.3-r5.0 (including) | 5.3-r5.0 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 5.3-r5.2 (including) | 5.3-r5.2 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 5.3-r6.0 (including) | 5.3-r6.0 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 5.3-r7.0 (including) | 5.3-r7.0 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 9.0-r1.0 (including) | 9.0-r1.0 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 9.0-r2 (including) | 9.0-r2 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 9.0-r2.1 (including) | 9.0-r2.1 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 9.0-r3 (including) | 9.0-r3 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 9.0-r3.2 (including) | 9.0-r3.2 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 9.0-r4 (including) | 9.0-r4 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 9.0-r4.0 (including) | 9.0-r4.0 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 9.0-r5.0 (including) | 9.0-r5.0 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 9.0-r6.0 (including) | 9.0-r6.0 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 9.1-r1.0 (including) | 9.1-r1.0 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 9.1-r2.0 (including) | 9.1-r2.0 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 9.1-r3.0 (including) | 9.1-r3.0 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 9.1-r3.1 (including) | 9.1-r3.1 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 9.1-r4.0 (including) | 9.1-r4.0 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 9.1-r4.1 (including) | 9.1-r4.1 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 9.1-r4.2 (including) | 9.1-r4.2 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 9.1-r5.0 (including) | 9.1-r5.0 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 9.1-r6.0 (including) | 9.1-r6.0 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 9.1-r7.0 (including) | 9.1-r7.0 (including) |
| Pulse_secure_installer_service | Pulsesecure | 8.3 (including) | 8.3 (including) |
| Pulse_secure_installer_service | Pulsesecure | 9.1 (including) | 9.1 (including) |
| Pulse_secure_installer_service | Pulsesecure | 9.1-r5.0 (including) | 9.1-r5.0 (including) |