What is CVE-2018-7572?

CVE-2018-7572 is a vulnerability in Pulse Secure Client that allows attackers to bypass Windows authentication and execute commands with the client's privileges.

What is the severity of CVE-2018-7572?

The severity of CVE-2018-7572 is high, with a CVSS score of 6.8.

How can an attacker exploit CVE-2018-7572?

To exploit CVE-2018-7572, the attacker must interrupt the client's network connection and execute commands with the privileges of the Pulse Secure Client.

Is there a fix for CVE-2018-7572?

Yes, Pulse Secure released a fix for CVE-2018-7572 in version 5.3R5 of Pulse Secure Client.

Vulnerability/
CVE-2018-7572

high

7.2

CWE

287

12/9/2018

5/8/2024

CVE-2018-7572

First published: Wed Sep 12 2018(Updated: )

Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network connectivity, and trigger a connection to a crafted proxy server with an invalid SSL certificate that allows certification-manager access, leading to the ability to browse local files and execute local programs.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Pulse Secure Desktop	=5.3r1.0
Pulse Secure Desktop	=5.3r1.1
Pulse Secure Desktop	=5.3r2.0
Pulse Secure Desktop	=5.3r3.0
Pulse Secure Desktop	=5.3r4.0
Pulse Secure Desktop	=5.3r4.1
Pulse Secure Desktop	=5.3r4.2
Pulse Secure Desktop	=5.3rx
Pulse Secure Desktop	=9.0r1.0

Never miss a vulnerability like this again

Reference Links

https://www.mdsec.co.uk/2018/09/advisory-cve-2018-7572-pulse-secure-client-authentication-bypass/

Frequently Asked Questions

What is CVE-2018-7572?
CVE-2018-7572 is a vulnerability in Pulse Secure Client that allows attackers to bypass Windows authentication and execute commands with the client's privileges.
What is the severity of CVE-2018-7572?
The severity of CVE-2018-7572 is high, with a CVSS score of 6.8.
How does CVE-2018-7572 affect Pulse Secure Client?
CVE-2018-7572 affects Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5 when configured to authenticate VPN users during Windows Logon.
How can an attacker exploit CVE-2018-7572?
To exploit CVE-2018-7572, the attacker must interrupt the client's network connection and execute commands with the privileges of the Pulse Secure Client.
Is there a fix for CVE-2018-7572?
Yes, Pulse Secure released a fix for CVE-2018-7572 in version 5.3R5 of Pulse Secure Client.

agent/type
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/author
agent/weakness
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/pulsesecure
canonical/pulse secure desktop
version/pulse secure desktop/5.3r1.0
version/pulse secure desktop/5.3r1.1
version/pulse secure desktop/5.3r2.0
version/pulse secure desktop/5.3r3.0
version/pulse secure desktop/5.3r4.0
version/pulse secure desktop/5.3r4.1
version/pulse secure desktop/5.3r4.2
version/pulse secure desktop/5.3rx
version/pulse secure desktop/9.0r1.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.