CVE-2018-6320Improper Input Validation in Ivanti Connect Secure

CWE-20Improper Input Validation3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
3.2%
top 13.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Ivanti Connect SecurePulsesecure Pulse Connect SecurePulsesecure Pulse Policy Secure
Timeline
PublishedSep 6
Latest updateMay 13

Description

A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDpulsesecure/pulse_connect_secure8.1r1.0, 8.1rx, 8.3rx+2

🔴Vulnerability Details

2
GHSA
GHSA-86rc-v7r8-8fwp: A vulnerability has been discovered in login2022-05-13
CVEList
CVE-2018-6320: A vulnerability has been discovered in login2018-09-06
CVE-2018-6320 — Improper Input Validation in Ivanti | cvebase