CVE-2018-20809

Опубликовано: 28 июн. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX.

Ссылки

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/
Vendor Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ivanti:connect_secure:8.3:r1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.3:r2:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.3:r2.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.3:r3:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.3:r4:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r1.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r1.1:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r10:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r11.1:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r12.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r13.1:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r13.2:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r13.3:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r130:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r2.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r3.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r4.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r5.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r6.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r7.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r8.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r1.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r10.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r11.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r12.1:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r13.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r13.1:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r2.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r3.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r3.2:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r4.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r4.1:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r5.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r6.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r7.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r7.1:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r8.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r8.1:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r9.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r1.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r1.1:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r10.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r11.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r12.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r12.1:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r13.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r14.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r2.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r2.1:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r3.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r3.2:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r4.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r5.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r6.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r7.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r8.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r9.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r9.1:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r1.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r10.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r11.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r2.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r3.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r3.2:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r4.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r5.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r6.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r7.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r7.1:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r8.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r9.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r9.1:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r1.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r1.1:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r10.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r11.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r12.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r2.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r3.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r3.1:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r4.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r4.1:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r5.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r5.1:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r5.2:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r6.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r7.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r8.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r8.1:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r8.2:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r9.0:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r1:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r2:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r2.1:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r3:*:*:*:*:*:*

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r4:*:*:*:*:*:*

EPSS

Процентиль: 87%

0.03312

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-x2mw-2wgh-5r92