CVE-2018-7572

Name of the Vulnerable Software and Affected Versions Pulse Secure Client versions 5.3RX through 5.3R4 Pulse Secure Client version 9.0R1

Description The issue allows attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. This can be achieved by interrupting the client's network connectivity and triggering a connection to a crafted proxy server with an invalid SSL certificate, which allows certification-manager access. This access enables the attacker to browse local files and execute local programs.

Recommendations For Pulse Secure Client version 9.0R1, update to a version that includes the necessary security fixes. For Pulse Secure Client versions 5.3RX through 5.3R4, update to version 5.3R5 or later to resolve the issue.