CVE-2018-5299

A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution.

Published: Jan 16, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-5299
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
pulsesecure / pulse_policy_secure	5.4r1	5.4r3.x
pulsesecure / pulse_connect_secure	8.3r1	8.3r3.x

http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43604

Vulnerability Database

289,784

CVE-2018-5299