CVE-2018-20809 — Improper Input Validation in Ivanti Connect Secure

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.5HIGHNVD

EPSS

3.3%

top 12.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ivanti Connect Secure Pulsesecure Pulse Policy Secure

Timeline

PublishedJun 28

Latest updateMay 24

Description

A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDpulsesecure/pulse_policy_secure6 versions+5

▶NVDivanti/connect_secure8.3

🔴Vulnerability Details

GHSA

GHSA-x2mw-2wgh-5r92: A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8↗2022-05-24

▶

CVEList

CVE-2018-20809: A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8↗2019-03-16

▶