CVE-2018-7572
published 2018-09-12CVE-2018-7572: Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows…
PriorityP429medium6.8CVSS 3.0
AVPACLPRNUINSUCHIHAH
EPSS
0.36%
28.3th percentile
Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network connectivity, and trigger a connection to a crafted proxy server with an invalid SSL certificate that allows certification-manager access, leading to the ability to browse local files and execute local programs.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pulsesecure | pulse_secure_desktop | — | — |
| pulsesecure | pulse_secure_desktop | — | — |
| pulsesecure | pulse_secure_desktop | — | — |
| pulsesecure | pulse_secure_desktop | — | — |
| pulsesecure | pulse_secure_desktop | — | — |
| pulsesecure | pulse_secure_desktop | — | — |
| pulsesecure | pulse_secure_desktop | — | — |
| pulsesecure | pulse_secure_desktop | — | — |
| pulsesecure | pulse_secure_desktop | — | — |
CVSS provenance
nvdv3.06.8MEDIUMCVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ivanti
Ivanti Security Advisory: CVE-2018-7572
vendor_ivanti·2018-09-12·CVSS 6.8
CVE-2018-7572 [MEDIUM] CWE-287 Ivanti Security Advisory: CVE-2018-7572
Ivanti Security Advisory: CVE-2018-7572
Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network connectivity, and trigger a connection to a crafted proxy server with an invalid SSL certificate that allows certification-manager access, leading to the ability to browse local files and execute local programs.
CVE IDs: CVE-2018-7572
CVSS Base Score: 6.8
Severity: MEDIUM
CWEs: CWE-287
GHSA
GHSA-432f-98h9-v2fw: Pulse Secure Client 9
ghsa_unreviewed·2022-05-14
CVE-2018-7572 [HIGH] CWE-287 GHSA-432f-98h9-v2fw: Pulse Secure Client 9
Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network connectivity, and trigger a connection to a crafted proxy server with an invalid SSL certificate that allows certification-manager access, leading to the ability to browse local files and execute local programs.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-09-12
Published