First published: Tue Jan 16 2018(Updated: )
A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Pulsesecure Pulse Connect Secure | >=8.3r1<=8.3r3 | |
Pulsesecure Pulse Policy Secure | >=5.4r1<=5.4r3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-5299 is a stack-based Buffer Overflow Vulnerability that exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4.
The severity of CVE-2018-5299 is critical with a CVSS score of 9.8.
CVE-2018-5299 affects Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4 by causing memory corruption and potentially allowing remote code execution.
To fix CVE-2018-5299, update Pulse Connect Secure (PCS) to version 8.3R4 or later, and update Pulse Policy Secure (PPS) to version 5.4R4 or later.
More information about CVE-2018-5299 can be found in the article linked on the Pulse Secure Knowledge Base: http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43604