CVE-2018-6374

Published: Jan 31, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Exploitability: 3.9 / Impact: 2.5

Source: NVD

Description

The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. This can lead to the manipulation of the Pulse Connection set.

Affected (2)

Products: Pulsesecure: Desktop Linux Client

Pulsesecure

1 product

Desktop Linux Client

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pulsesecure Desktop Linux Client	Before 5.2r9.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Pulsesecure Desktop Linux Client	Before 5.3r4.2

Related CWEs

CWE-295

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (4)

http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43620

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/102908

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43620

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/102908

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.