Overview
- Description
- A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-787
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9FCEE9FD-BA81-408D-83FB-843D6839E28D",
"versionEndIncluding": "8.3r3",
"versionStartIncluding": "8.3r1"
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "07E629D7-C049-4F86-A4E2-095178F963DC",
"versionEndIncluding": "5.4r3",
"versionStartIncluding": "5.4r1"
}
],
"operator": "OR"
}
]
}
]