CVE-2018-20809
published 2019-06-28CVE-2018-20809: A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5…
PriorityP337high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EPSS
2.73%
84.2th percentile
A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | connect_secure | — | — |
| pulsesecure | pulse_policy_secure | — | — |
| pulsesecure | pulse_policy_secure | — | — |
| pulsesecure | pulse_policy_secure | — | — |
| pulsesecure | pulse_policy_secure | — | — |
| pulsesecure | pulse_policy_secure | — | — |
| pulsesecure | pulse_policy_secure | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ivanti
Ivanti Security Advisory: CVE-2018-20809
vendor_ivanti·2019-06-28·CVSS 7.5
CVE-2018-20809 [HIGH] CWE-20 Ivanti Security Advisory: CVE-2018-20809
Ivanti Security Advisory: CVE-2018-20809
A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX.
CVE IDs: CVE-2018-20809
CVSS Base Score: 7.5
Severity: HIGH
CWEs: CWE-20
GHSA
GHSA-x2mw-2wgh-5r92: A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8
ghsa_unreviewed·2022-05-24
CVE-2018-20809 [HIGH] CWE-20 GHSA-x2mw-2wgh-5r92: A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8
A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-06-28
Published