SA43730 - 2018-04: Security Bulletin: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0R1

Problem
This advisory provides information about multiple vulnerabilities resolved in the Pulse Connect Secure and Pulse Policy Secure 9.0R1 release. These issues apply to all releases prior to PCS and PPS 9.0R1.

Additionally, these issues are resolved in the following releases:

Pulse Connect Secure:
  • 9.0R1
  • 8.3R5
  • 8.2R11
  • 8.1R14
Pulse Policy Secure:
  • 9.0R1
  • 5.4R4
  • 5.3R11
  • 5.2R10
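
The fixed-release lists above can be turned into an inventory check. The following is an added example, not code from Pulse Secure: it assumes version strings of the form `<major>.<minor>R<release>[.<patch>]` (for example `8.2R9.1`), and the hostnames and versions in the sample inventory are constructed.

```python
import re

# Fixed releases per branch, from the lists above: (major, minor) -> (release, patch).
FIXED = {
    "PCS": {(8, 1): (14, 0), (8, 2): (11, 0), (8, 3): (5, 0), (9, 0): (1, 0)},
    "PPS": {(5, 2): (10, 0), (5, 3): (11, 0), (5, 4): (4, 0), (9, 0): (1, 0)},
}
# Assumed version format: <major>.<minor>R<release>[.<patch>], e.g. "8.2R9.1".
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$", re.IGNORECASE)

def parse_version(text):
    """Split a version string into (branch, release) tuples."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, release, patch = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (release, patch)

def is_fixed(product, version):
    """Return True if `version` is at or past the fixed release of its branch."""
    fixes = FIXED[product.upper()]
    branch, release = parse_version(version)
    if branch in fixes:
        return release >= fixes[branch]
    # Unlisted branch: the bulletin says all releases before 9.0R1 are
    # affected, so only branches newer than 9.0 are treated as fixed.
    return branch > (9, 0)

def triage(inventory):
    """Map each host to 'fixed', 'affected' or 'unparsed'."""
    result = {}
    for host, product, version in inventory:
        try:
            result[host] = "fixed" if is_fixed(product, version) else "affected"
        except (KeyError, ValueError):
            result[host] = "unparsed"
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("vpn-a", "PCS", "8.2R9.1"), ("vpn-b", "PCS", "8.3R5"),
    ("vpn-c", "PCS", "8.0R13"), ("nac-a", "PPS", "5.4R4.1"),
    ("nac-b", "PPS", "5.1R9"), ("vpn-d", "PCS", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unparsed` need a manual check rather than being assumed fixed.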
Solution
| CVE | CVSS Score (V3) | Summary |
|---|---|---|
| CVE-2007-5846 | 7.8 CVSS:3.0/AV:N/AC:L/Au:N/C:N/I:N/A:C | The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value. |
| CVE-2018-9849 | 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document. |
|  | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | A cross site scripting issue has been found in welcome.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1.x before 8.1R12, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 due to one of the URL parameters not being sanitized properly. |
| CVE-2016-10142 | 5.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L | An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and can subsequently perform any type of fragmentation-based attack against legacy IPv6 nodes that do not implement [RFC6946 |
| CVE-2016-2125 | 6.4 CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N | Samba client code always requests a forwardable ticket when using Kerberos authentication. This means the target server, which must be in the current or trusted domain/realm, is given a valid general purpose Kerberos "Ticket Granting Ticket" (TGT), which can be used to fully impersonate the authenticated user or service |
| CVE-2016-2126 | 5.0 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L | A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket due to incorrect handling of the arcfour-hmac-md5 PAC checksum. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions. |
|  | 8.3 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:H | A cross site scripting issue has been found in new_object.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1.x before 8.1R13, 8.2.x before 8.2R10, and 8.3.x before 8.3R4 due to one of the URL parameters not being sanitized properly. |