9.8
CVE-2018-5299
- EPSS 11.38%
- Veröffentlicht 16.01.2018 22:29:00
- Zuletzt bearbeitet 21.11.2024 04:08:32
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Pulsesecure ≫ Pulse Connect Secure Version >= 8.3r1 <= 8.3r3
Pulsesecure ≫ Pulse Policy Secure Version >= 5.4r1 <= 5.4r3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 11.38% | 0.933 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.