Multiple vulnerabilities in Pulse Connect Secure
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2018-14366 CVE-2018-6320 |
| CWE-ID | CWE-601 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Ivanti Connect Secure (formerly Pulse Connect Secure) Server applications / Remote access servers, VPN Ivanti Policy Secure (formerly Pulse Policy Secure) Server applications / Remote access servers, VPN |
| Vendor | Ivanti |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Open redirect
EUVDB-ID: #VU36717
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-14366
CWE-ID:
CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability.
MitigationInstall update from vendor's website.
Vulnerable software versionsIvanti Connect Secure (formerly Pulse Connect Secure): 8.1 - 8.3rx
Ivanti Policy Secure (formerly Pulse Policy Secure): 5.2R1.0 - 8.3rx
External linkshttp://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU36720
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6320
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation.
MitigationInstall update from vendor's website.
Vulnerable software versionsIvanti Connect Secure (formerly Pulse Connect Secure): 8.1 - 8.3rx
Ivanti Policy Secure (formerly Pulse Policy Secure): 5.2R1.0 - 8.3rx
External linkshttp://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
