What is CVE-2018-6320?

CVE-2018-6320 is a critical-severity vulnerability in Ivanti Connect_secure, classified under Improper Input Validation. CVSS score: 9.8/10. Published 2018-09-06.

How severe is CVE-2018-6320?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Improper input validation in Ivanti Connect_secure

CVE-2018-6320

A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header r…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.041 (89.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Ivanti Connect_secure — versions 8.1
Pulsesecure Pulse_connect_secure — versions 8.1r1.0, 8.1rx, 8.3rx
Pulsesecure Pulse_policy_secure — versions 5.2r1.0, 5.2r2.0, 5.2r3.0
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2018-6320?: CVE-2018-6320 is a critical-severity vulnerability in Ivanti Connect_secure, classified under Improper Input Validation. CVSS score: 9.8/10. Published 2018-09-06.
How severe is CVE-2018-6320?: Critical severity. CVSS v3 base score is 9.8 out of 10.