SA43903 - Response to SegmentSmack (CVE-2018-5390) and FragmentSmack (CVE-2018-5391)


Information

 
Product Affected
Problem
SegmentSmack (CVE-2018-5390) and FragmentSmack (CVE-2018-5391) are described as TCP implementation denial of service vulnerabilities. A remote attacker can send crafted sequences of TCP/IP packets that may cause excessive CPU utilization and create a denial of service (DoS) condition on the system. This attack requires a successful two-way TCP connection to an open port, so it cannot be performed using spoofed IP addresses.

These issues apply to the following releases:
  • Pulse Connect Secure 9.0RX
  • Pulse Connect Secure 8.3RX
  • Pulse Policy Secure 9.0RX
  • Pulse Policy Secure 5.4RX

Refer to KB43892 - What releases will Pulse Secure apply fixes to resolve security vulnerabilities? for additional release details as per the End of Engineering (EOE) and End of Life (EOL) policies.
Solution
Pulse Secure is working on a fix for these issues and will continue to update the advisory with tentative timelines.
Workaround
Implementation
Related Links
CVSS Score: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Risk Assessment
Acknowledgements
Alert Type: SA - Security Advisory
Risk Level: High