PT-2018-17514 · Pulse Secure · Pulse Secure Desktop Linux Clients

Publicado

2018-01-31

Atualizado

2018-02-24

CVE-2018-6374

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions Pulse Secure Desktop Linux clients versions prior to PULSE5.2R9.2 Pulse Secure Desktop Linux clients versions 5.3.x prior to PULSE5.3R4.2

Description The issue concerns the GUI component, also known as PulseUI, which does not perform strict SSL Certificate Validation. This lack of validation can lead to the manipulation of the Pulse Connection set.

Recommendations For Pulse Secure Desktop Linux clients versions prior to PULSE5.2R9.2, update to version PULSE5.2R9.2 or later. For Pulse Secure Desktop Linux clients versions 5.3.x prior to PULSE5.3R4.2, update to version PULSE5.3R4.2 or later.

Correção

Improper Certificate Validation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-295

Identificadores relacionados

CVE-2018-6374

Produtos afetados

Pulse Secure Desktop Linux Clients

PT-2018-17514 · Pulse Secure · Pulse Secure Desktop Linux Clients

CVE-2018-6374

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4