Skip to main content

Pulse Secure Desktop Client CVE-2018-15726

MEDIUM
OS Command Injection (CWE-78)
2018-09-06 cve@mitre.org
5.3
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

1
CVE Published
Sep 06, 2018 - 23:29 nvd
MEDIUM 5.3

DescriptionNVD

The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability.

AnalysisAI

The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability. Affected products include: Pulsesecure Pulse Secure Desktop Client. Version information: before 5.3.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

CVE-2020-13162 HIGH POC
7.0 Jun 16

A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down

CVE-2020-8239 CRITICAL
9.8 Oct 28

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation att

CVE-2018-11002 MEDIUM POC
5.5 Nov 29

Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions. Rated medium se

CVE-2020-8254 HIGH
8.8 Oct 28

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to

CVE-2019-11213 HIGH
8.1 Apr 12

In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof se

CVE-2020-8250 HIGH
7.8 Oct 28

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. Ra

CVE-2020-8249 HIGH
7.8 Oct 28

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflo

CVE-2020-8248 HIGH
7.8 Oct 28

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. Ra

CVE-2020-8240 HIGH
7.8 Oct 28

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use syste

CVE-2018-15865 HIGH
7.8 Sep 06

The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerab

CVE-2020-8241 HIGH
7.5 Oct 28

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end user

CVE-2018-16261 MEDIUM
6.8 Sep 06

In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dy

Share

CVE-2018-15726 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy