CVE-2018-6374
First published: Wed Jan 31 2018(Updated: )
The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. This can lead to the manipulation of the Pulse Connection set.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pulse Secure Desktop Client for Linux | <5.2r9.2 | |
| Pulse Secure Desktop Client for Linux | <5.3r4.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-6374?
CVE-2018-6374 is considered a high severity vulnerability due to its potential to allow unauthorized manipulation of the Pulse Connection set.
How do I fix CVE-2018-6374?
To fix CVE-2018-6374, upgrade your Pulse Secure Desktop Linux Client to version PULSE5.2R9.2 or PULSE5.3R4.2 or later.
Which versions of Pulse Secure Desktop Linux clients are affected by CVE-2018-6374?
CVE-2018-6374 affects Pulse Secure Desktop Linux clients before versions PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2.
What are the consequences of the CVE-2018-6374 vulnerability?
The consequences of CVE-2018-6374 include potential interception and manipulation of data transmitted through the Pulse Secure connection.
Is there a workaround for CVE-2018-6374 while I upgrade my software?
There are no documented workarounds for CVE-2018-6374; upgrading to a secure version is the recommended solution.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/pulsesecure
- canonical/pulse secure desktop client for linux