CVE-2018-5299 — Out-of-bounds Write in Pulse Connect Secure

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

2.5%

top 14.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pulsesecure Pulse Connect Secure Pulsesecure Pulse Policy Secure

Timeline

PublishedJan 16

Latest updateMay 13

Description

A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDpulsesecure/pulse_policy_secure5.4r1 — 5.4r3

▶NVDpulsesecure/pulse_connect_secure8.3r1 — 8.3r3

Patches

Patch: kb.pulsesecure.net ↗Patch: kb.pulsesecure.net ↗

🔴Vulnerability Details

GHSA

GHSA-5hg9-5xp3-rm7g: A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8↗2022-05-13

▶

CVEList

CVE-2018-5299: A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8↗2018-01-16

▶