CVE-2018-20809

A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX.

Published: Jun 28, 2019
Updated: Apr 13, 2023
CVE: CVE-2018-20809
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
pulsesecure / pulse_policy_secure	5.2-r1.0	5.2-r1.0.x
pulsesecure / pulse_policy_secure	5.2-r2.0	5.2-r2.0.x
pulsesecure / pulse_policy_secure	5.2-r3.0	5.2-r3.0.x
pulsesecure / pulse_policy_secure	5.2-r3.2	5.2-r3.2.x
pulsesecure / pulse_policy_secure	5.2-r4.0	5.2-r4.0.x
pulsesecure / pulse_policy_secure	5.2-r5.0	5.2-r5.0.x
pulsesecure / pulse_policy_secure	5.2-r6.0	5.2-r6.0.x
pulsesecure / pulse_policy_secure	5.2-r7.0	5.2-r7.0.x
pulsesecure / pulse_policy_secure	5.2-r7.1	5.2-r7.1.x
pulsesecure / pulse_policy_secure	5.2-r8.0	5.2-r8.0.x
pulsesecure / pulse_policy_secure	5.2-r9.0	5.2-r9.0.x
pulsesecure / pulse_policy_secure	5.2-r9.1	5.2-r9.1.x
pulsesecure / pulse_policy_secure	5.2-r10.0	5.2-r10.0.x
pulsesecure / pulse_policy_secure	5.2-r11.0	5.2-r11.0.x
pulsesecure / pulse_policy_secure	5.4-r1	5.4-r1.x
pulsesecure / pulse_policy_secure	5.4-r2	5.4-r2.x
pulsesecure / pulse_policy_secure	5.4-r2.1	5.4-r2.1.x
pulsesecure / pulse_policy_secure	5.4-r3	5.4-r3.x
pulsesecure / pulse_policy_secure	5.4-r4	5.4-r4.x
pulsesecure / pulse_policy_secure	5.3-r1.0	5.3-r1.0.x
pulsesecure / pulse_policy_secure	5.3-r1.1	5.3-r1.1.x
pulsesecure / pulse_policy_secure	5.3-r2.0	5.3-r2.0.x
pulsesecure / pulse_policy_secure	5.3-r3.0	5.3-r3.0.x
pulsesecure / pulse_policy_secure	5.3-r3.1	5.3-r3.1.x
pulsesecure / pulse_policy_secure	5.3-r4.0	5.3-r4.0.x
pulsesecure / pulse_policy_secure	5.3-r4.1	5.3-r4.1.x
pulsesecure / pulse_policy_secure	5.3-r5.0	5.3-r5.0.x
pulsesecure / pulse_policy_secure	5.3-r5.1	5.3-r5.1.x
pulsesecure / pulse_policy_secure	5.3-r5.2	5.3-r5.2.x
pulsesecure / pulse_policy_secure	5.3-r6.0	5.3-r6.0.x
pulsesecure / pulse_policy_secure	5.3-r7.0	5.3-r7.0.x
pulsesecure / pulse_policy_secure	5.3-r8.0	5.3-r8.0.x
pulsesecure / pulse_policy_secure	5.3-r8.1	5.3-r8.1.x
pulsesecure / pulse_policy_secure	5.3-r8.2	5.3-r8.2.x
pulsesecure / pulse_policy_secure	5.3-r9.0	5.3-r9.0.x
pulsesecure / pulse_policy_secure	5.3-r10.0	5.3-r10.0.x
pulsesecure / pulse_policy_secure	5.3-r11.0	5.3-r11.0.x
pulsesecure / pulse_policy_secure	5.3-r12.0	5.3-r12.0.x
pulsesecure / pulse_policy_secure	5.1-r1.1	5.1-r1.1.x
pulsesecure / pulse_policy_secure	5.1-r2.0	5.1-r2.0.x
pulsesecure / pulse_policy_secure	5.1-r2.1	5.1-r2.1.x
pulsesecure / pulse_policy_secure	5.1-r3.0	5.1-r3.0.x
pulsesecure / pulse_policy_secure	5.1-r3.2	5.1-r3.2.x
pulsesecure / pulse_policy_secure	5.1-r4.0	5.1-r4.0.x
pulsesecure / pulse_policy_secure	5.1-r5.0	5.1-r5.0.x
pulsesecure / pulse_policy_secure	5.1-r6.0	5.1-r6.0.x
pulsesecure / pulse_policy_secure	5.1-r7.0	5.1-r7.0.x
pulsesecure / pulse_policy_secure	5.1-r8.0	5.1-r8.0.x
pulsesecure / pulse_policy_secure	5.1-r9.0	5.1-r9.0.x
pulsesecure / pulse_policy_secure	5.1-r9.1	5.1-r9.1.x
pulsesecure / pulse_policy_secure	5.1-r10.0	5.1-r10.0.x
pulsesecure / pulse_policy_secure	5.1-r11.0	5.1-r11.0.x
pulsesecure / pulse_policy_secure	5.1-r12.0	5.1-r12.0.x
pulsesecure / pulse_policy_secure	5.1-r12.1	5.1-r12.1.x
pulsesecure / pulse_policy_secure	5.1-r13.0	5.1-r13.0.x
pulsesecure / pulse_policy_secure	5.1-r14.0	5.1-r14.0.x
pulsesecure / pulse_policy_secure	5.1-r1.0	5.1-r1.0.x
pulsesecure / pulse_policy_secure	5.0-r2.0	5.0-r2.0.x
pulsesecure / pulse_policy_secure	5.0-r3.0	5.0-r3.0.x
pulsesecure / pulse_policy_secure	5.0-r3.2	5.0-r3.2.x
pulsesecure / pulse_policy_secure	5.0-r4.0	5.0-r4.0.x
pulsesecure / pulse_policy_secure	5.0-r4.1	5.0-r4.1.x
pulsesecure / pulse_policy_secure	5.0-r5.0	5.0-r5.0.x
pulsesecure / pulse_policy_secure	5.0-r6.0	5.0-r6.0.x
pulsesecure / pulse_policy_secure	5.0-r7.0	5.0-r7.0.x
pulsesecure / pulse_policy_secure	5.0-r7.1	5.0-r7.1.x
pulsesecure / pulse_policy_secure	5.0-r8.0	5.0-r8.0.x
pulsesecure / pulse_policy_secure	5.0-r8.1	5.0-r8.1.x
pulsesecure / pulse_policy_secure	5.0-r10.0	5.0-r10.0.x
pulsesecure / pulse_policy_secure	5.0-r9.0	5.0-r9.0.x
pulsesecure / pulse_policy_secure	5.0-r11.0	5.0-r11.0.x
pulsesecure / pulse_policy_secure	5.0-r12.1	5.0-r12.1.x
pulsesecure / pulse_policy_secure	5.0-r13.0	5.0-r13.0.x
pulsesecure / pulse_policy_secure	5.0-r13.1	5.0-r13.1.x
pulsesecure / pulse_policy_secure	5.0-r1.0	5.0-r1.0.x
pulsesecure / pulse_policy_secure	4.4-r1.1	4.4-r1.1.x
pulsesecure / pulse_policy_secure	4.4-r2.0	4.4-r2.0.x
pulsesecure / pulse_policy_secure	4.4-r3.0	4.4-r3.0.x
pulsesecure / pulse_policy_secure	4.4-r4.0	4.4-r4.0.x
pulsesecure / pulse_policy_secure	4.4-r5.0	4.4-r5.0.x
pulsesecure / pulse_policy_secure	4.4-r6.0	4.4-r6.0.x
pulsesecure / pulse_policy_secure	4.4-r7.0	4.4-r7.0.x
pulsesecure / pulse_policy_secure	4.4-r8.0	4.4-r8.0.x
pulsesecure / pulse_policy_secure	4.4-r10	4.4-r10.x
pulsesecure / pulse_policy_secure	4.4-r11.1	4.4-r11.1.x
pulsesecure / pulse_policy_secure	4.4-r12.0	4.4-r12.0.x
pulsesecure / pulse_policy_secure	4.4-r130	4.4-r130.x
pulsesecure / pulse_policy_secure	4.4-r13.1	4.4-r13.1.x
pulsesecure / pulse_policy_secure	4.4-r13.2	4.4-r13.2.x
pulsesecure / pulse_policy_secure	4.4-r13.3	4.4-r13.3.x
pulsesecure / pulse_policy_secure	4.4-r1.0	4.4-r1.0.x
ivanti / connect_secure	8.3-r1	8.3-r1.x
ivanti / connect_secure	8.3-r2	8.3-r2.x
ivanti / connect_secure	8.3-r2.1	8.3-r2.1.x
ivanti / connect_secure	8.3-r3	8.3-r3.x
ivanti / connect_secure	8.3-r4	8.3-r4.x

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/

Vulnerability Database

290,206

CVE-2018-20809