Vulnerabilities > CVE-2018-5299 - Out-of-bounds Write vulnerability in Pulsesecure Pulse Connect Secure and Pulse Policy Secure

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

pulsesecure

CWE-787

NVD

Published: 2018-01-16

Updated: 2020-08-24

Summary

A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution.

Vulnerable Configurations

Part	Description	Count
Application	Pulsesecure Pulsesecure Pulse Connect Secure 8.3R1 Pulsesecure Pulse Connect Secure 8.3R1.1 Pulsesecure Pulse Connect Secure 8.3R2 Pulsesecure Pulse Connect Secure 8.3R2.1 Pulsesecure Pulse Connect Secure 8.3R3 Pulsesecure Pulse Policy Secure *	6

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43604