CVE-2018-6320
CRITICAL
Pulse Secure Pulse Connect Secure and Pulse Policy Secure - Server-Side Request Forgery via Host Header
Title source: llm
Description
A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877
Scores
CVSS v3: 9.8
EPSS: 0.0316
EPSS Percentile: 87.1%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-20
Status: published
Products (18)
ivanti/connect_secure 8.1
pulsesecure/pulse_connect_secure 8.1r1.0
pulsesecure/pulse_connect_secure 8.1rx
pulsesecure/pulse_connect_secure 8.3rx
pulsesecure/pulse_policy_secure 5.2r1.0
pulsesecure/pulse_policy_secure 5.2r2.0
pulsesecure/pulse_policy_secure 5.2r3.0
pulsesecure/pulse_policy_secure 5.2r3.2
pulsesecure/pulse_policy_secure 5.2r4.0
pulsesecure/pulse_policy_secure 5.2r5.0
... and 8 more
Published: Sep 06, 2018
Tracked Since: Feb 18, 2026