7.2
CVE-2018-7572
- EPSS 0.04%
- Published 12.09.2018 16:29:04
- Last modified 21.11.2024 04:12:23
- Source cve@mitre.org
Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network connectivity, and trigger a connection to a crafted proxy server with an invalid SSL certificate that allows certification-manager access, leading to the ability to browse local files and execute local programs.
Data is provided by the National Vulnerability Database (NVD)
Pulsesecure ≫ Pulse Secure Desktop Version 5.3r1.0
Pulsesecure ≫ Pulse Secure Desktop Version 5.3r1.1
Pulsesecure ≫ Pulse Secure Desktop Version 5.3r2.0
Pulsesecure ≫ Pulse Secure Desktop Version 5.3r3.0
Pulsesecure ≫ Pulse Secure Desktop Version 5.3r4.0
Pulsesecure ≫ Pulse Secure Desktop Version 5.3r4.1
Pulsesecure ≫ Pulse Secure Desktop Version 5.3r4.2
Pulsesecure ≫ Pulse Secure Desktop Version 5.3rx
Pulsesecure ≫ Pulse Secure Desktop Version 9.0r1.0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.04% | 0.068 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 6.8 | 0.9 | 5.9 | CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 7.2 | 3.9 | 10 | AV:L/AC:L/Au:N/C:C/I:C/A:C |
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.