cbcvebase.
CVE-2018-20809
published 2019-06-28

CVE-2018-20809: A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5…

PriorityP337high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EPSS
2.73%
84.2th percentile
A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX.

Affected

7 ranges
VendorProductVersion rangeFixed in
ivanticonnect_secure
pulsesecurepulse_policy_secure
pulsesecurepulse_policy_secure
pulsesecurepulse_policy_secure
pulsesecurepulse_policy_secure
pulsesecurepulse_policy_secure
pulsesecurepulse_policy_secure

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.