PT-2018-17514 · Pulse Secure · Pulse Secure Desktop Linux Clients

Published

2018-01-31

Updated

2018-02-24

CVE-2018-6374

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions Pulse Secure Desktop Linux clients versions prior to PULSE5.2R9.2 Pulse Secure Desktop Linux clients versions 5.3.x prior to PULSE5.3R4.2

Description The issue concerns the GUI component, also known as PulseUI, which does not perform strict SSL Certificate Validation. This lack of validation can lead to the manipulation of the Pulse Connection set.

Recommendations For Pulse Secure Desktop Linux clients versions prior to PULSE5.2R9.2, update to version PULSE5.2R9.2 or later. For Pulse Secure Desktop Linux clients versions 5.3.x prior to PULSE5.3R4.2, update to version PULSE5.3R4.2 or later.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2018-6374

Affected Products

Pulse Secure Desktop Linux Clients

PT-2018-17514 · Pulse Secure · Pulse Secure Desktop Linux Clients

CVE-2018-6374

Weakness Enumeration

Related Identifiers

Affected Products

References · 4