What is CVE-2018-5299?

CVE-2018-5299 is a critical-severity vulnerability in Pulsesecure Pulse_connect_secure, classified under Out-of-bounds Write. CVSS score: 9.8/10. Published 2018-01-16.

How severe is CVE-2018-5299?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Buffer overflow in Pulsesecure Pulse_connect_secure

CVE-2018-5299

A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution.

Vulnerability class: Buffer Overflow

EPSS: 0.031 (86.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Pulsesecure Pulse_connect_secure
Pulsesecure Pulse_policy_secure
N/a — versions n/a

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

References

cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)

Frequently asked questions

What is CVE-2018-5299?: CVE-2018-5299 is a critical-severity vulnerability in Pulsesecure Pulse_connect_secure, classified under Out-of-bounds Write. CVSS score: 9.8/10. Published 2018-01-16.
How severe is CVE-2018-5299?: Critical severity. CVSS v3 base score is 9.8 out of 10.