Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-16261

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-06 Sep, 2018 | 23:00
Updated At-05 Aug, 2024 | 10:17
Rejected At-
Credits

In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:06 Sep, 2018 | 23:00
Updated At:05 Aug, 2024 | 10:17
Rejected At:
▼CVE Numbering Authority (CNA)

In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877
x_refsource_CONFIRM
Hyperlink: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877
x_refsource_CONFIRM
x_transferred
Hyperlink: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:06 Sep, 2018 | 23:29
Updated At:03 Oct, 2019 | 00:03

In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.06.8MEDIUM
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Pulse Secure
pulsesecure
>>pulse_secure_desktop_client>>5.3r1
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r1:*:*:*:*:windows:*:*
Pulse Secure
pulsesecure
>>pulse_secure_desktop_client>>5.3r1.1
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r1.1:*:*:*:*:windows:*:*
Pulse Secure
pulsesecure
>>pulse_secure_desktop_client>>5.3r2
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r2:*:*:*:*:windows:*:*
Pulse Secure
pulsesecure
>>pulse_secure_desktop_client>>5.3r3
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r3:*:*:*:*:windows:*:*
Pulse Secure
pulsesecure
>>pulse_secure_desktop_client>>5.3r4
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r4:*:*:*:*:windows:*:*
Pulse Secure
pulsesecure
>>pulse_secure_desktop_client>>5.3r4.1
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r4.1:*:*:*:*:windows:*:*
Pulse Secure
pulsesecure
>>pulse_secure_desktop_client>>5.3r4.2
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r4.2:*:*:*:*:windows:*:*
Pulse Secure
pulsesecure
>>pulse_secure_desktop_client>>5.3rx
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3rx:*:*:*:*:windows:*:*
Pulse Secure
pulsesecure
>>pulse_secure_desktop_client>>9.0r1
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0r1:*:*:*:*:windows:*:*
Weaknesses
CWE IDTypeSource
CWE-295Primarynvd@nist.gov
CWE ID: CWE-295
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877cve@mitre.org
Vendor Advisory
Hyperlink: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

14Records found
CVE-2018-15726
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.49%
||
7 Day CHG~0.00%
Published-06 Sep, 2018 | 23:00
Updated-05 Aug, 2024 | 10:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability.

Action-Not Available
Vendor-n/aPulse Secure
Product-pulse_secure_desktop_clientn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-8250
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-7.8||HIGH
EPSS-0.35% / 56.74%
||
7 Day CHG~0.00%
Published-28 Oct, 2020 | 12:41
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.

Action-Not Available
Vendor-n/aPulse Secure
Product-pulse_secure_desktop_clientPulse Secure Desktop Client
CVE-2018-15865
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.90%
||
7 Day CHG~0.00%
Published-06 Sep, 2018 | 23:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerability.

Action-Not Available
Vendor-n/aPulse Secure
Product-pulse_secure_desktop_clientn/a
CVE-2018-7572
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.04% / 8.73%
||
7 Day CHG~0.00%
Published-12 Sep, 2018 | 16:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network connectivity, and trigger a connection to a crafted proxy server with an invalid SSL certificate that allows certification-manager access, leading to the ability to browse local files and execute local programs.

Action-Not Available
Vendor-n/aPulse Secure
Product-pulse_secure_desktopn/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-8248
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-7.8||HIGH
EPSS-0.41% / 60.26%
||
7 Day CHG~0.00%
Published-28 Oct, 2020 | 12:40
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.

Action-Not Available
Vendor-n/aPulse Secure
Product-pulse_secure_desktop_clientPulse Secure Desktop Client
CVE-2020-8249
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-7.8||HIGH
EPSS-0.65% / 69.93%
||
7 Day CHG~0.00%
Published-28 Oct, 2020 | 12:40
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow.

Action-Not Available
Vendor-n/aPulse Secure
Product-pulse_secure_desktop_clientPulse Secure Desktop Client
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-11580
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.25% / 47.93%
||
7 Day CHG~0.00%
Published-06 Apr, 2020 | 20:03
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, accepts an arbitrary SSL certificate.

Action-Not Available
Vendor-n/aApple Inc.Oracle CorporationPulse SecureLinux Kernel Organization, Inc
Product-solarislinux_kernelpulse_connect_securepulse_policy_securemacosn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2018-6374
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.66%
||
7 Day CHG~0.00%
Published-31 Jan, 2018 | 21:00
Updated-05 Aug, 2024 | 06:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. This can lead to the manipulation of the Pulse Connection set.

Action-Not Available
Vendor-n/aPulse Secure
Product-desktop_linux_clientn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-22278
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.08%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 12:45
Updated-16 Sep, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certificate verification vulnerability in Update Manager of PCM600 Engineering Tool

A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed.

Action-Not Available
Vendor-Hitachi Energy Ltd.ABB
Product-update_managerpcm600PCM600PCM600 Update Manager
CWE ID-CWE-295
Improper Certificate Validation
CVE-2018-12205
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 31.23%
||
7 Day CHG~0.00%
Published-14 Mar, 2019 | 20:00
Updated-16 Sep, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper certificate validation in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core(tm) Processor, 7th Generation Intel(R) Core(tm) Processor may allow an unauthenticated user to potentially enable an escalation of privilege via physical access.

Action-Not Available
Vendor-Intel Corporation
Product-core_i5platform_sample_firmwaresilicon_reference_firmwarecore_i7core_i3Intel Platform Sample / Silicon Reference firmware
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-20071
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.36%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:38
Updated-03 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ccu, there is a possible escalation of privilege due to a missing certificate validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06183315; Issue ID: ALPS06183315.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6873mt6893androidmt6833mt6885mt8797mt6877mt6853MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8797
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-20034
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.01% / 0.48%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:05
Updated-03 Aug, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Preloader XFLASH, there is a possible escalation of privilege due to an improper certificate validation. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160806.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6873mt6893mt6799mt6771mt6833mt6580mt6885mt6735mt6877mt6781mt6765mt6891mt6853mt6739androidmt6769mt6761mt6875mt6768mt6779mt6785mt6763MT6580, MT6735, MT6739, MT6761, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6799, MT6833, MT6853, MT6873, MT6875, MT6877, MT6885, MT6891, MT6893
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-3563
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.76%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxOracle VM VirtualBox
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-3162
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.28%
||
7 Day CHG~0.00%
Published-15 Jan, 2021 | 21:54
Updated-03 Aug, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.

Action-Not Available
Vendor-n/aApple Inc.Docker, Inc.
Product-dockermacosn/a
CWE ID-CWE-295
Improper Certificate Validation
Details not found