PT-2018-13456 · Pulse Secure · Pulse Desktop Client

Published

2018-09-06

Updated

2019-10-03

CVE-2018-16261

CVSS v3.1

6.8

Medium

Vector

AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Pulse Secure Pulse Desktop Client versions 5.3RX before 5.3R5 Pulse Secure Pulse Desktop Client version 9.0R1

Description The issue is related to a Privilege Escalation Vulnerability with Dynamic Certificate Trust.

Recommendations For Pulse Secure Pulse Desktop Client versions 5.3RX before 5.3R5, update to version 5.3R5 or later. For Pulse Secure Pulse Desktop Client version 9.0R1, update to a newer version that contains a fix for this issue.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2018-16261

Affected Products

Pulse Desktop Client

PT-2018-13456 · Pulse Secure · Pulse Desktop Client

CVE-2018-16261

Weakness Enumeration

Related Identifiers

Affected Products

References · 3