Reset Search
 

 
Article

SA43604 - 2018-01 Out-of-Cycle Advisory: Stack buffer overflow Vulnerability (CVE-2018-5299)

Printable View
« Go Back

Information

 
Product AffectedPulse Connect Secure (PCS) 8.3R1 - 8.3R3 and Pulse Policy Secure (PPS) 5.4R1 - 5.4R3
Problem
A buffer overflow vulnerability has been found in the web server that could allow a remote attacker to cause memory corruption and possibly execute arbitrary code via a crafted web request.

This issue is applicable only to following releases:
  • Pulse Connect Secure 8.3R1 - 8.3R3
  • Pulse Policy Secure 5.4R1 - 5.4R3
Solution
This issue is resolved in the following PCS/PPS releases:

 
Workaround
Implementation
Related Links
CVSS Score10 CVSS v3: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Risk Assessment
Acknowledgements
This vulnerability was discovered and responsibly reported to Pulse Secure by Adrien Stoffel of SCRT.
Alert TypeSA - Security Advisory
Risk LevelCritical
Attachment 1 
Attachment 2 
Legacy ID

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255