CVE-2018-5299

Published: Jan 16, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution.

Affected (2)

Products: Pulsesecure: Pulse Connect Secure, Pulse Policy Secure

Pulsesecure

2 products

Pulse Connect Secure

Pulse Policy Secure

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Pulsesecure Pulse Connect Secure	From 8.3r1 to 8.3r3
Pulsesecure Pulse Policy Secure	From 5.4r1 to 5.4r3

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43604

Source: cve@mitre.org

PatchVendor Advisory

http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43604

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.