PT-2018-19073 · Pulse Secure · Pulse Connect Secure

Published

2018-05-10

Updated

2019-10-03

CVE-2018-9849

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Pulse Secure Pulse Connect Secure versions 8.1.x through 8.1R13 Pulse Secure Pulse Connect Secure versions 8.2.x through 8.2R10 Pulse Secure Pulse Connect Secure versions 8.3.x through 8.3R4

Description The issue arises from improper processing of nested XML entities, allowing remote attackers to cause a denial of service by consuming memory and triggering memory errors via a crafted XML document.

Recommendations For Pulse Secure Pulse Connect Secure versions 8.1.x through 8.1R13, update to version 8.1R14 or later. For Pulse Secure Pulse Connect Secure versions 8.2.x through 8.2R10, update to version 8.2R11 or later. For Pulse Secure Pulse Connect Secure versions 8.3.x through 8.3R4, update to version 8.3R5 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-9849

Affected Products

Pulse Connect Secure

PT-2018-19073 · Pulse Secure · Pulse Connect Secure

CVE-2018-9849

Related Identifiers

Affected Products

References · 4