CVE-2018-5299
CRITICALPulse Secure PCS <8.3R4-PPS <5.4R4 - Buffer Overflow
Title source: llmDescription
A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43604
Scores
CVSS v3
9.8
EPSS
0.0306
EPSS Percentile
86.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (2)
pulsesecure/pulse_connect_secure
8.3r1 - 8.3r3
pulsesecure/pulse_policy_secure
5.4r1 - 5.4r3
Published
Jan 16, 2018
Tracked Since
Feb 18, 2026