Vulnerability Details: CVE-2018-20809
A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX.
Vulnerability category: Input validation
Products affected by CVE-2018-20809
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r1:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r2.1:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r2.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r3.1:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r7.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r8.1:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r12.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r2.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r3.2:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r7.1:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r9.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r3.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r4.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r9.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r10.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r12.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r2.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r3.2:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r8.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r10.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r1.1:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r3.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r8.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r11.1:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r4.1:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r5.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r5.1:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r5.2:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r4.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r5.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r6.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r7.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r5.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r6.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r7.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r8.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r4.1:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r5.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r6.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r7.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r4.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r5.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r6.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r7.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r3:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r4:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r1.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r1.1:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r8.2:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r9.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r10.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r11.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r10.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r11.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r1.1:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r2.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r12.1:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r13.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r14.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r1.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r9.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r11.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r12.1:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r13.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r13.1:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r130:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r13.1:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r13.2:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r13.3:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r2:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r3.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r4.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r6.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r8.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r1.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r3.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r8.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r9.1:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r2.1:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r3.2:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r9.1:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r11.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r3.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r4.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r7.1:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r8.1:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r1.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r2.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r10:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r12.0:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r1.0:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:8.3:r1:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:8.3:r2:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:8.3:r2.1:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:8.3:r3:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:8.3:r4:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-20809
- EPSS score: 0.10% (probability of exploitation activity in the next 30 days)
- Percentile: ~43% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-20809
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2018-20809
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-20809
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/
  Pulse Security Advisory: SA43877 - 2018-08 Security Bulletin: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure / Pulse Secure Desktop 9.0R1/9.0R2 (Vendor Advisory)