Vulnerability Details : CVE-2018-6374
The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. This can lead to the manipulation of the Pulse Connection set.
Products affected by CVE-2018-6374
- cpe:2.3:a:pulsesecure:desktop_linux_client:*:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:desktop_linux_client:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-6374
- 0.15%: Probability of exploitation activity in the next 30 days
- ~33%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-6374
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:P | 10.0 | 4.9 | NIST | |
6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L | 3.9 | 2.5 | NIST | |
CWE ids for CVE-2018-6374
- The product does not validate, or incorrectly validates, a certificate. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-6374
- http://www.securityfocus.com/bid/102908
  Pulse Secure Desktop Linux Client CVE-2018-6374 Man in the Middle Security Bypass Vulnerability. Third Party Advisory; VDB Entry
- http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43620
  Pulse Security Advisory: SA43620 - 2018-01 Out-Of-Cycle Advisory : Pulse Secure Desktop Linux Client - SSL Certificate Validation Issue. Vendor Advisory