CVE-2018-6374
MEDIUMPulse Secure Desktop Linux Client < 5.2r9.2 and 5.3.x < 5.3r4.2 - Improper Certificate Validation in PulseUI
Title source: llmDescription
The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. This can lead to the manipulation of the Pulse Connection set.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/102908
Vendor Advisory x_refsource_confirm
http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43620
Scores
CVSS v3
6.5
EPSS
0.0063
EPSS Percentile
45.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Details
CWE
CWE-295
Status
published
Products (1)
pulsesecure/desktop_linux_client
< 5.2r9.2
Published
Jan 31, 2018
Tracked Since
Feb 18, 2026