CVE-2018-5299
published 2018-01-16
CVE-2018-5299: A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS)…
Priority: P356, critical, 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.06% (86.0th percentile)
A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pulsesecure | pulse_connect_secure | 8.3r1 – 8.3r3 | — |
| pulsesecure | pulse_policy_secure | 5.4r1 – 5.4r3 | — |
CVSS provenance
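| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |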
GHSA
GHSA-5hg9-5xp3-rm7g: A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8
ghsa_unreviewed·2022-05-13
CVE-2018-5299 [CRITICAL] CWE-787 GHSA-5hg9-5xp3-rm7g: A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8
A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution.
Ivanti
Ivanti Security Advisory: CVE-2018-5299
vendor_ivanti·2018-01-16·CVSS 9.8
CVE-2018-5299 [CRITICAL] CWE-787 Ivanti Security Advisory: CVE-2018-5299
A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution.
CVE IDs: CVE-2018-5299
CVSS Base Score: 9.8
Severity: CRITICAL
CWEs: CWE-787
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2018-01-16