PT-2018-19073 · Pulse Secure · Pulse Connect Secure

Publicado

2018-05-10

Atualizado

2019-10-03

CVE-2018-9849

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Pulse Secure Pulse Connect Secure versions 8.1.x through 8.1R13 Pulse Secure Pulse Connect Secure versions 8.2.x through 8.2R10 Pulse Secure Pulse Connect Secure versions 8.3.x through 8.3R4

Description The issue arises from improper processing of nested XML entities, allowing remote attackers to cause a denial of service by consuming memory and triggering memory errors via a crafted XML document.

Recommendations For Pulse Secure Pulse Connect Secure versions 8.1.x through 8.1R13, update to version 8.1R14 or later. For Pulse Secure Pulse Connect Secure versions 8.2.x through 8.2R10, update to version 8.2R11 or later. For Pulse Secure Pulse Connect Secure versions 8.3.x through 8.3R4, update to version 8.3R5 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2018-9849

Produtos afetados

Pulse Connect Secure

PT-2018-19073 · Pulse Secure · Pulse Connect Secure

CVE-2018-9849

Identificadores relacionados

Produtos afetados

Referências · 4