SegmentSmack (CVE-2018-5390) and FragmentSmack (CVE-2018-5391) are described as a TCP implementation denial of service vulnerability. A remote attacker can send crafted sequences of TCP/IP packets may cause excessive CPU utilization to create a denial of service (DOS) conditions on the system. This attack requires a successfully two-way TCP connection to an open port, thus the attacker cannot be performed using spoofed IP addresses.
These issues apply to the following releases:
- Pulse Connect Secure 9.0RX
- Pulse Connect Secure 8.3RX
- Policy Pulse Secure 9.0RX
- Pulse Policy Secure 5.4RX
Refer to KB43892 - What releases will Pulse Secure apply fixes to resolve security vulnerabilities?
for additional release details as per the End of Engineering (EOE) and End of Life (EOL) policies.